Date: Sat, 5 Mar 2011 11:47:19 -0700 From: Modulok <modulok@gmail.com> To: erikmccaskey64 <erikmccaskey64@zoho.com> Cc: freebsd <freebsd-questions@freebsd.org> Subject: Re: Is it safe to run tcpdump? Message-ID: <AANLkTim8-1uF5fJtNJ7OzXBULRO0k4M-OwpuGnt29_bf@mail.gmail.com> In-Reply-To: <12e85ece3b5.7517152619980667233.9119604654657332096@zoho.com> References: <12e85ece3b5.7517152619980667233.9119604654657332096@zoho.com>
next in thread | previous in thread | raw e-mail | index | archive | help
What do you mean by 'safe'? The only side affects I can think of to running tcpdump on an interface constantly, is the generation of large log files (if you re-directed to log files) as well as the fact that it usually puts an interface into 'promiscuous mode'. (See the -p flag.) This offloads network traffic onto the cpu which could introduce additional network latency for high throughput networks in some situations. (As far as how much latency, if any, and whether it's actually a problem depends on many factors. Test it.) Other ways to generate network logs would be via the logging feature of the PF firewall. You can setup specific rules to capture tcpdump compatible logs and send them either to a log file or to a pseudo network interface (the pflog device) for live viewing. There's a chapter about this covered in Peter Hansteen's "The Book of PF". -Modulok- On 3/5/11, erikmccaskey64 <erikmccaskey64@zoho.com> wrote: > Is it safe to always run tcpdump on the server, e.g.: like this: > > > tcpdump -qn dst net 192.168.1.0/24 > > > I need it to "audit the network" .. :\ > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTim8-1uF5fJtNJ7OzXBULRO0k4M-OwpuGnt29_bf>