Archive for November, 2016

22
Nov

tcpdump

   Posted by: admin    in Mẹo vặt của hiếu râu

# Capture on eth0 without name resolution (-nnn) and start a new file every
# 60 seconds (-G 60). The -w name is expanded with strftime(3), so each file is
# named after the time it was opened.
# NOTE(review): no -W/-C limit is given, so files keep accumulating until the
# capture is stopped. The pcaps hold raw traffic; keep them in a directory with
# restricted permissions.
tcpdump -nnn -i eth0 -G 60 -w 'pcap-%Y-%m-%d-%H-%M-%S.pcap'

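Rotation options: -C <file size in MB>, -W <number of files>, -G <rotation interval in seconds>. With only -G 60, as above, a new file is written every minute with no upper limit, so watch the free disk space.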

Incoming TCP SYNs, grouped by destination port

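# Count incoming SYN-only segments per destination port from a saved capture.
# tcp[13] is the TCP flags byte; "=2" matches segments whose only flag is SYN,
# so SYN+ACK (18) is excluded, and so is a SYN that carries extra bits such as
# the ECN flags.
# The filter and the cut delimiters use plain ASCII single quotes: the
# typographic quotes left by the blog rendering are not shell quoting
# characters, so the command fails when pasted as published.
# In the -tttt output for IPv4, space-separated field 6 is "dst-ip.port:", and
# its 5th dot-separated piece is the port (printed with the trailing colon).
tcpdump -tttt -nn -r pcap-2016-11-22_10:42:32.pcap \
  'tcp and dst 127.0.0.1 and tcp[13]=2' \
  | cut -f 6 -d ' ' \
  | cut -f 5 -d '.' \
  | sort \
  | uniq -c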

Incoming HTTP (port 80) SYNs, grouped by source IP

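# Rank source addresses by the number of SYN-only segments they sent to port 80.
# tcp[13]=2 matches segments whose flags byte is exactly SYN; "port 80" matches
# the port number only and does not inspect the payload for HTTP.
# The filter and the cut delimiters use plain ASCII single quotes: the
# typographic quotes left by the blog rendering are not shell quoting
# characters, so the command fails when pasted as published.
# In the -tttt output for IPv4, space-separated field 4 is "src-ip.port";
# keeping dot-separated pieces 1-4 leaves the source address.
tcpdump -tttt -nn -r pcap-2016-11-22_10:43:32.pcap \
  'tcp and dst 127.0.0.1 and tcp[13]=2 and port 80' \
  | cut -f 4 -d ' ' \
  | cut -f 1-4 -d '.' \
  | sort \
  | uniq -c \
  | sort -nr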

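TCP flag values in the flags byte (tcp[13]); add them together to match a combination, e.g. Syn + Ack = 18:

Fin = 1

Syn = 2

Rst = 4

Psh = 8

Ack = 16

Urgent = 32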