tcpdump mailing list archives
reconstruct HTTP requests in custom sniffer
From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Wed, 29 Dec 2010 02:22:19 +0900
Hi,

I am asked to write a custom sniffer with libpcap on Linux that has to handle a load of 50.000 packets per second. The sniffer has to detect all HTTP requests and dump the URI with additional information, such as request size and possibly response time/size. The packets, destined for the load-balancer, are duplicated by the switch using port-mirroring to my own machine. It is important that our solution is 100% non-intrusive to the web application being monitored.

Probably I need to access the POST data of certain HTTP requests. Because HTTP requests are, obviously, broken into multiple packets, is it feasible to reconstruct the whole HTTP request with POST data from multiple packets?

Regarding the load of 50.000 packets a second, is this expected to be a problem?

Any feedback is very appreciated!

Cheers,
Andrej
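On the reassembly question in the post above, an added example (not part of the original message and not libpcap code): a sketch in C that orders mirrored TCP payloads by sequence number and uses Content-Length to decide when a POST request is complete. The struct, the function names and the 64 KiB cap are hypothetical; it assumes one request per connection, a well-formed Content-Length header and no chunked encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#define STREAM_MAX 65536u  /* assumed per-request cap */

struct stream {            /* one direction (client to server) of one TCP connection */
    uint32_t base;         /* sequence number of the first payload byte (ISN + 1) */
    size_t contig;         /* bytes received without a gap, counted from base */
    uint8_t data[STREAM_MAX], have[STREAM_MAX];
};

/* Store a payload at its sequence offset; reordering and retransmits are harmless. */
static void stream_add(struct stream *s, uint32_t seq, const void *p, size_t len) {
    uint32_t off = seq - s->base;             /* unsigned: survives seq wraparound */
    if (off >= STREAM_MAX || len > STREAM_MAX - off)
        return;                               /* outside the window: drop it */
    memcpy(s->data + off, p, len);
    memset(s->have + off, 1, len);
    while (s->contig < STREAM_MAX && s->have[s->contig])
        s->contig++;
}

/* Length of the first request (headers + body) once all of it is buffered, else 0. */
static size_t http_request_complete(const struct stream *s) {
    const char *d = (const char *)s->data, *key = "content-length:";
    size_t end = 0, body = 0, klen = strlen(key);
    for (size_t i = 0; i + 4 <= s->contig && !end; i++)
        if (memcmp(d + i, "\r\n\r\n", 4) == 0)
            end = i + 4;
    if (!end)
        return 0;                             /* header block still incomplete */
    for (size_t i = 1; i + klen <= end && !body; i++)   /* names start a line */
        if (d[i - 1] == '\n' && strncasecmp(d + i, key, klen) == 0)
            body = strtoul(d + i + klen, NULL, 10);
    if (body > STREAM_MAX - end || s->contig < end + body)
        return 0;                             /* body missing or over the cap */
    return end + body;
}

int main(void) {
    static struct stream s = { .base = 1000 };
    const char *req = "POST /f HTTP/1.1\r\nContent-Length: 3\r\n\r\na=1"; /* constructed */
    stream_add(&s, 1030, req + 30, strlen(req) - 30);   /* later segment arrives first */
    stream_add(&s, 1000, req, 30);
    printf("complete request: %zu bytes\n", http_request_complete(&s));
    return 0;
}
```

In a real sniffer one such stream would be kept per connection 4-tuple, with `base` taken from the SYN seen on the mirror port.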