forked from spinesystemspublic/documentation
Articles and pcap
This commit is contained in:
Denys Fedoryshchenko
+12
-1
@@ -48,6 +48,17 @@ Which means:
|
||||
* -vvv - verbose output
|
||||
* -c 100 - capture 100 packets and exit
|
||||
|
||||
## pcap filters
|
||||
|
||||
You can use various pcap filters in trafw, iptop and tcpdump.
|
||||
For example if you want to see only traffic from subnet 8.8.8.0/24 and source port 53 you can use:
|
||||
```
|
||||
# to show total traffic for this filter
|
||||
trafw ppp0 "src net 8.8.8.0/24 and src port 53" ppp0 "src net 8.8.8.0/24 and src port 53" 1
|
||||
# to show top consumers of such traffic
|
||||
iptop eth0 "src net 8.8.8.0/24 and src port 53" 10000 dst
|
||||
# to capture such traffic and see each packet, only 100 packets
|
||||
tcpdump -ni ppp185 -vvv -c 100 "src net 8.8.8.0/24 and src port 53"
|
||||
|
||||
|
||||
More info, in articles:
|
||||
https://iphelix.medium.com/packet-filtering-techniques-84fc3fc2ea3b
|
||||
|
||||
Reference in New Issue
Block a user