Difference between revisions of "TcpDump"
From Vague Hope Wiki
Line 1: | Line 1: | ||
tcpdump -i eth0 tcp port 80 -w foo.$(date +'%Y%m%d-%H%M%S').pcap | tcpdump -i eth0 tcp port 80 -w foo.$(date +'%Y%m%d-%H%M%S').pcap | ||
tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +'%Y%m%d-%H%M%S').pcap | tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +'%Y%m%d-%H%M%S').pcap | ||
+ | |||
+ | |||
+ | http.time || tcp.analysis.retransmission || _ws.expert.severity >= 0x00600000 |
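Review bot: the added line `http.time || tcp.analysis.retransmission || _ws.expert.severity >= 0x00600000` is a Wireshark display filter, not a tcpdump capture filter, and it is added below the two tcpdump commands with no label, so a reader could mistake it for something to pass to tcpdump. Suggest a one-line caption stating that it is applied in Wireshark or tshark to the saved .pcap, and a short note on which expert severity level the constant 0x00600000 selects, since the bare hex value is not self-explanatory.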
Latest revision as of 02:15, 16 February 2016
tcpdump -i eth0 tcp port 80 -w foo.$(date +'%Y%m%d-%H%M%S').pcap
tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +'%Y%m%d-%H%M%S').pcap
http.time || tcp.analysis.retransmission || _ws.expert.severity >= 0x00600000