Linux tcpdump command – masterclass expressions: this post aims to provide in-depth technical information on the installation, usage and operation of the classic and supremely popular tcpdump network traffic analysis program, including alternatives, running tcpdump as a process, building expressions, understanding output and more.
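#!/bin/sh
# Start three background tcpdump captures on ens160 for traffic involving
# 192.168.26.28; the output files are tagged ORACLE.
#
# The capture filters are built in variables and passed as ONE quoted
# argument. The typographic quotes of the published listing are not shell
# quoting characters, so the bare parentheses were a shell syntax error.
# Options are given before the filter so option parsing does not depend on
# getopt argument permutation.
#
# -C 100 -W 10: ring of 10 files of about 100 million bytes each per capture;
# tcpdump appends a file number to the -w name and overwrites the oldest file,
# so each capture stays near 1 GB on disk.
#
# The pcap files contain the captured packets of the matched hosts (including
# SMB on port 445), so write them to a directory only the capture operator
# can read. Each tcpdump keeps running after this script exits; stop the
# captures explicitly (e.g. with kill) when the investigation is finished.

iface=ens160

# Every pair among .28, .111, .123, .143 and .153 that the original lists.
ui_filter='(host 192.168.26.28 and host 192.168.26.111)'
ui_filter="$ui_filter or (host 192.168.26.28 and host 192.168.26.123)"
ui_filter="$ui_filter or (host 192.168.26.28 and host 192.168.26.143)"
ui_filter="$ui_filter or (host 192.168.26.28 and host 192.168.26.153)"
ui_filter="$ui_filter or (host 192.168.26.111 and host 192.168.26.143)"
ui_filter="$ui_filter or (host 192.168.26.111 and host 192.168.26.153)"
ui_filter="$ui_filter or (host 192.168.26.111 and host 192.168.26.123)"
ui_filter="$ui_filter or (host 192.168.26.143 and host 192.168.26.153)"
ui_filter="$ui_filter or (host 192.168.26.123 and host 192.168.26.143)"
ui_filter="$ui_filter or (host 192.168.26.123 and host 192.168.26.153)"

aas_filter='(host 192.168.26.28 and host 192.168.26.141)'

# SMB (port 445) of .28 except towards .105, plus everything between .28 and .101.
samba_filter='((host 192.168.26.28 and port 445) and not host 192.168.26.105)'
samba_filter="$samba_filter or (host 192.168.26.28 and host 192.168.26.101)"

tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-UI-Portal-ORACLE.pcap "$ui_filter" &
tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-AAS-ORACLE.pcap "$aas_filter" &
tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-SAMBA-ORACLE.pcap "$samba_filter" &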
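#!/bin/sh
# Start four background tcpdump captures on ens160 for traffic involving
# 192.168.26.29; the output files are tagged INGRES.
#
# The capture filters are built in variables and passed as ONE quoted
# argument. The typographic quotes of the published listing are not shell
# quoting characters, so the bare parentheses were a shell syntax error.
# Options are given before the filter so option parsing does not depend on
# getopt argument permutation.
#
# -C 100 -W 10: ring of 10 files of about 100 million bytes each per capture;
# tcpdump appends a file number to the -w name and overwrites the oldest file,
# so each capture stays near 1 GB on disk.
#
# The pcap files contain the captured packets of the matched hosts (including
# DNS on port 53 and SMB on port 445), so write them to a directory only the
# capture operator can read. Each tcpdump keeps running after this script
# exits; stop the captures explicitly (e.g. with kill) when finished.

iface=ens160

# Every pair among .29, .112, .124, .144 and .154 that the original lists.
ui_filter='(host 192.168.26.29 and host 192.168.26.112)'
ui_filter="$ui_filter or (host 192.168.26.29 and host 192.168.26.124)"
ui_filter="$ui_filter or (host 192.168.26.29 and host 192.168.26.144)"
ui_filter="$ui_filter or (host 192.168.26.29 and host 192.168.26.154)"
ui_filter="$ui_filter or (host 192.168.26.112 and host 192.168.26.144)"
ui_filter="$ui_filter or (host 192.168.26.112 and host 192.168.26.154)"
ui_filter="$ui_filter or (host 192.168.26.112 and host 192.168.26.124)"
ui_filter="$ui_filter or (host 192.168.26.144 and host 192.168.26.154)"
ui_filter="$ui_filter or (host 192.168.26.124 and host 192.168.26.144)"
ui_filter="$ui_filter or (host 192.168.26.124 and host 192.168.26.154)"

# DNS (port 53) of .29 except towards .105.
dns_filter='((host 192.168.26.29 and port 53) and not host 192.168.26.105)'

aas_filter='(host 192.168.26.29 and host 192.168.26.142)'

# SMB (port 445) of .29 except towards .105, plus everything between .29 and .101.
samba_filter='((host 192.168.26.29 and port 445) and not host 192.168.26.105)'
samba_filter="$samba_filter or (host 192.168.26.29 and host 192.168.26.101)"

tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-UI-Portal-INGRES.pcap "$ui_filter" &
tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-DNS-INGRES.pcap "$dns_filter" &
tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-AAS-INGRES.pcap "$aas_filter" &
tcpdump -i "$iface" -W 10 -C 100 -w tcpdump-medico-SAMBA-INGRES.pcap "$samba_filter" &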
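#!/bin/sh
# Start three background tcpdump captures on ens160 for traffic involving
# 192.168.26.29, rotating the output by time instead of by a fixed file ring.
#
# The capture filters are built in variables and passed as ONE quoted
# argument. The typographic quotes of the published listing are not shell
# quoting characters, so the bare parentheses were a shell syntax error.
# Options are given before the filter so option parsing does not depend on
# getopt argument permutation.
#
# -G 3600 starts a new dump file every 3600 seconds and expands %H%M in the
# -w name through strftime. The hour/minute stamp repeats after 24 hours, so
# a file of the same name from the previous day is overwritten.
# -C 100 additionally splits a file once it passes about 100 million bytes.
# No -W is given, so the number of files written inside one hour is not
# capped: monitor free space on the capture volume.
#
# The pcap files contain the captured packets of the matched hosts (including
# SMB on port 445), so write them to a directory only the capture operator
# can read. Each tcpdump keeps running after this script exits; stop the
# captures explicitly (e.g. with kill) when the investigation is finished.

iface=ens160

# Every pair among .29, .112, .124, .144 and .154 that the original lists.
ui_filter='(host 192.168.26.29 and host 192.168.26.112)'
ui_filter="$ui_filter or (host 192.168.26.29 and host 192.168.26.124)"
ui_filter="$ui_filter or (host 192.168.26.29 and host 192.168.26.144)"
ui_filter="$ui_filter or (host 192.168.26.29 and host 192.168.26.154)"
ui_filter="$ui_filter or (host 192.168.26.112 and host 192.168.26.144)"
ui_filter="$ui_filter or (host 192.168.26.112 and host 192.168.26.154)"
ui_filter="$ui_filter or (host 192.168.26.112 and host 192.168.26.124)"
ui_filter="$ui_filter or (host 192.168.26.144 and host 192.168.26.154)"
ui_filter="$ui_filter or (host 192.168.26.124 and host 192.168.26.144)"
ui_filter="$ui_filter or (host 192.168.26.124 and host 192.168.26.154)"

aas_filter='(host 192.168.26.29 and host 192.168.26.142)'

# SMB (port 445) of .29 except towards .105, plus everything between .29 and .101.
samba_filter='((host 192.168.26.29 and port 445) and not host 192.168.26.105)'
samba_filter="$samba_filter or (host 192.168.26.29 and host 192.168.26.101)"

tcpdump -i "$iface" -C 100 -G 3600 -w tcpdump-medico-UI-Portal-%H%M.pcap "$ui_filter" &
tcpdump -i "$iface" -C 100 -G 3600 -w tcpdump-medico-AAS-%H%M.pcap "$aas_filter" &
tcpdump -i "$iface" -C 100 -G 3600 -w tcpdump-medico-SAMBA-%H%M.pcap "$samba_filter" &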