From d0677020ce89fc087925467480d75428df52dc95 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Wed, 27 May 2015 12:36:03 +0200 Subject: netsniff-ng: add example for fanout into man page Add an example, so users can easily adapt and move on from that. Signed-off-by: Daniel Borkmann --- netsniff-ng.8 | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/netsniff-ng.8 b/netsniff-ng.8 index 31c4907..677a78c 100644 --- a/netsniff-ng.8 +++ b/netsniff-ng.8 @@ -320,7 +320,7 @@ filter HTTP traffic. Super jumbo frame support is automatically enabled and only print human readable packet data to the terminal, and also be more verbose during setup phase. Moreover, dump a BPF disassembly of http.bpf. .PP -.SS netsniff-ng --in dump.pcap --out dump.cfg --silent +.SS netsniff-ng --in dump.pcap --out dump.cfg --silent Convert the pcap file dump.pcap into a trafgen(8) configuration file dump.cfg. Do not print pcap contents to the terminal. .PP @@ -349,6 +349,17 @@ setup and teardown). netsniff-ng can then make use of the nlmon device as an input device. In this example a pcap file with netlink traffic is being recorded. .PP +.SS netsniff-ng --fanout-group 1 --fanout-type cpu --fanout-opts defrag --bind-cpu 0 --notouch-irq --silent --in em1 --out /var/cap/cpu0/ --interval 120sec +.SS netsniff-ng --fanout-group 1 --fanout-type cpu --fanout-opts defrag --bind-cpu 1 --notouch-irq --silent --in em1 --out /var/cap/cpu1/ --interval 120sec +Starts two netsniff-ng fanout instances. Both are assigned into the same fanout +group membership and traffic is splitted among them by incoming cpu. Furthermore, +the kernel is supposed to defragment possible incoming fragments. First instance +is assigned to CPU 0 and the second one to CPU 1, IRQ bindings are not altered as +they might have been adapted to this scenario by the user a-priori, and traffic +is captured on interface em1, and written out in 120 second intervals as pcap +files into /var/cap/cpu0/. Tools like mergecap(1) will be able to merge the cpu0/1 +split back together if needed. +.PP .SH CONFIG FILES .PP Files under /etc/netsniff-ng/ can be modified to extend netsniff-ng's -- cgit v1.2.3-54-g00ecf