Sunday, March 23, 2014

AIX iptrace and tcpdump

Both tools are used to analyze network-related problems. tcpdump captures the header information, while iptrace captures whole packets from the interface. Unlike tcpdump, iptrace copies each packet from kernel space to user space for further filtering unless the -B option is used. iptrace can monitor more than one interface; if a large number of interfaces are monitored at once, packets may be dropped. The interfaces to monitor are specified with the -i option.


The iptrace command uses either the network trace kernel extension (net_xmit_trace kernel service), which is the default method, or the Berkeley Packet Filter (BPF) packet capture library to capture packets (-u flag). The iptrace command can either run as a daemon or under the System Resource Controller (SRC).
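As an added example (not part of the original post), here is a small shell wrapper for the multi-interface capture described above: it assembles one -i per interface, optionally adds -B to keep filtering in the kernel, starts iptrace as an SRC subsystem so it can be stopped cleanly, and decodes the log with ipreport. The interface names, the /tmp log path and the 60-second duration are assumed values.

```shell
#!/bin/sh
# Added example: run an AIX iptrace capture on several interfaces under the
# System Resource Controller (SRC), then decode it with ipreport.
# Interface names, log path and capture duration are assumed values.

# Build the iptrace argument string.
# Usage: iptrace_args LOGFILE [-B] IFACE...
# -B keeps filtering in the kernel and avoids the kernel-to-user copy;
# each interface becomes its own -i option; the log file comes last.
iptrace_args() {
    logfile=$1; shift
    args=""
    if [ "$1" = "-B" ]; then
        args="-B "
        shift
    fi
    for iface in "$@"; do
        args="${args}-i $iface "
    done
    printf '%s%s\n' "$args" "$logfile"
}

# Start the capture under SRC, wait, stop it, and write a readable report.
# Usage: capture_and_report LOGFILE SECONDS [-B] IFACE...
capture_and_report() {
    logfile=$1; duration=$2; shift 2
    args=$(iptrace_args "$logfile" "$@")
    startsrc -s iptrace -a "$args" || return 1
    sleep "$duration"
    stopsrc -s iptrace
    # ipreport: -r decode RPC, -n number the packets, -s prefix protocol name
    ipreport -rns "$logfile" > "$logfile.txt"
}

# Only perform the capture on a host that actually has iptrace (AIX) and
# when explicitly asked, so the functions can be sourced safely elsewhere.
if command -v iptrace >/dev/null 2>&1 && [ "${1:-}" = "run" ]; then
    capture_and_report /tmp/iptrace.out 60 -B en0 en1
fi
```

Run it as root with the argument `run`; the decoded report lands next to the binary log as /tmp/iptrace.out.txt.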
