So, I've been having some problems with packet loss that I have reason
to believe have to do with "microbursts" of malicious traffic.
What I want is a tool that will detect these 'microbursts' and give me a
very detailed report of the packets flowing during the (very small...
one second? half second? quarter-second?) period of time when my
pipe is overwhelmed.
I'm thinking of setting up a Perl script to just watch the output of
tcpdump; have that Perl script save all the packets in a 100ms slice,
and to just dump all the packets for that 100ms to a log if the bytes
exceed my threshold, but before I do that, well, it seems to me like
there ought to be a standard way to deal with this problem.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
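An added example, not part of the original post: one way to build the detector the post describes, in Python rather than Perl. It goes beyond the fixed 100ms slice by using a trailing 100ms window, so a burst that straddles a slice boundary is still caught. The threshold, the sample packets and the function names are assumptions made for the illustration.

```python
import re
import sys
from collections import deque

WINDOW_US = 100_000       # 100 ms, the slice size proposed in the post
THRESHOLD_BYTES = 4000    # constructed value: bytes allowed per window

# `tcpdump -tt -n -e -l` lines: epoch timestamp first; with -e the first
# "length N" is the frame length (without -e it would be the payload length).
LINE_RE = re.compile(r"^(\d+)\.(\d{6})\s.*?\blength (\d+)")

def find_bursts(lines, window_us=WINDOW_US, threshold=THRESHOLD_BYTES):
    """Yield a dict (start_us, peak_bytes, packets) for each run of packets
    during which the trailing window held more than `threshold` bytes."""
    window, total, burst = deque(), 0, None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that are not packets
        ts = int(m.group(1)) * 1_000_000 + int(m.group(2))
        size = int(m.group(3))
        window.append((ts, size, line.rstrip("\n")))
        total += size
        while window[0][0] <= ts - window_us:   # drop packets older than the window
            total -= window.popleft()[1]
        if total > threshold:
            if burst is None:             # burst begins: keep everything in the window
                burst = {"start_us": window[0][0], "peak_bytes": total,
                         "packets": [p[2] for p in window]}
            else:
                burst["peak_bytes"] = max(burst["peak_bytes"], total)
                burst["packets"].append(window[-1][2])
        elif burst is not None:           # rate fell back under the threshold
            yield burst
            burst = None
    if burst is not None:
        yield burst

def _line(us, size):  # constructed sample packet in `tcpdump -tt -n -e` format
    return (f"1700000000.{us:06d} aa:aa:aa:aa:aa:01 > aa:aa:aa:aa:aa:02, "
            f"ethertype IPv4 (0x0800), length {size}: 192.0.2.10.40000 > "
            f"198.51.100.5.80: UDP, length {size - 42}")

# Constructed capture: four full-size frames straddle the 0.2 s boundary.
SAMPLE = [_line(us, size) for us, size in [
    (0, 100), (50_000, 100), (180_000, 1514), (190_000, 1514),
    (205_000, 1514), (215_000, 1514), (400_000, 100), (450_000, 100)]]

if __name__ == "__main__":
    for b in find_bursts(SAMPLE if sys.stdin.isatty() else sys.stdin):
        print(f"burst at {b['start_us']} us, peak {b['peak_bytes']} B/window")
        print("\n".join(b["packets"]))
```

Run with no input it reports on the constructed sample; for live traffic, pipe `tcpdump -tt -n -e -l` into it. Fixed 100ms slices would see only 3028 bytes on each side of the 0.2 s boundary in the sample and stay under the 4000-byte threshold, while the trailing window sees all 6056.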