khodor/documentation
0
0
Fork 0
forked from spinesystemspublic/documentation
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Articles and pcap

Browse Source
This commit is contained in:
Denys Fedoryshchenko
2023-10-31 03:22:06 +02:00
parent 14a22b5a54
commit 2b40b78166
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
PPPOE_misc_tricks.md
+12 -1
View File
@@ -48,6 +48,17 @@ Which means:
* -vvv - verbose output * -vvv - verbose output
* -c 100 - capture 100 packets and exit * -c 100 - capture 100 packets and exit
## pcap filters
You can use various pcap filters in trafw, iptop and tcpdump.
For example if you want to see only traffic from subnet 8.8.8.0/24 and source port 53 you can use:
```
# to show total traffic for this filter
trafw ppp0 "src net 8.8.8.0/24 and src port 53" ppp0 "src net 8.8.8.0/24 and src port 53" 1
# to show top consumers of such traffic
iptop eth0 "src net 8.8.8.0/24 and src port 53" 10000 dst
# to capture such traffic and see each packet, only 100 packets
tcpdump -ni ppp185 -vvv -c 100 "src net 8.8.8.0/24 and src port 53"
More info, in articles:
https://iphelix.medium.com/packet-filtering-techniques-84fc3fc2ea3b