TcpDump

# Capture TCP port 80 traffic on eth0 into a timestamped pcap file.
# -w stores the raw packets (up to the snapshot length), so the file can
# contain cleartext payloads; restrict who can read it.
tcpdump -i eth0 -w "foo.$(date +%Y%m%d-%H%M%S).pcap" 'tcp port 80'

# Capture TCP port 8000 traffic to or from either of the two listed hosts.
# The filter is single-quoted so the shell passes the parentheses through
# to tcpdump unchanged.
tcpdump -i eth0 -w "foo.$(date +%Y%m%d-%H%M%S).pcap" \
  '(host 10.0.1.1 or 10.0.1.2) and tcp port 8000'


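Wireshark display filter (not a tcpdump capture filter) that matches packets carrying an HTTP response time, TCP retransmissions, or expert info of severity Warning or higher:

http.time || tcp.analysis.retransmission || _ws.expert.severity >= 0x00600000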