I come to you with a question over a few things. First of course is perl versus another solution (basic shell) and the next is over libpcap and tcpdump. I currently have a script (shell) that looks something like this snidbit:
# Sector au-135
/usr/sbin/tcpdump -n -c 30000 -w /tmp/tcptrace/$FILENAME -i eth1 host
+`/usr/local/bin/which-hosts au-135 50|/usr/local/bin/host-it.pl`&
Basically I am going to be going back to tcpdump to dump data for a certain "sector" of users on a broadband network. With shell, I am using sleep, and doing these all at once. I am planning on updating to perl with systems calls and forking off multiple tcpdump sessions at once, but I wanted to ask if anyone had done something like this before. Will tcpdump run multiple sessions? What type of load are we talking if somewhere around 15 sessions are running? What type of degredation of integrity/is there any that I can expect from the data recieved through tcpdump? Thanks ahead of time for any help you can spare.
"Never underestimate the predicability of stupidity"
- Bullet Tooth Tony, Snatch (2001)