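# Dump HTTP traffic to/from one host, printing each header line on its own line.
# ngrep treats its first non-option argument as the regex to match; pass an
# empty string so the remainder is unambiguously the BPF filter (the original
# relied on ngrep's "retry as filter" fallback). The hostname must be a single
# token -- "my domain.com" is two words and breaks the filter.
# Only useful for plaintext HTTP; TLS (443) payloads are opaque to ngrep.
ngrep -q -d eth0 -W byline '' host mydomain.com and port 80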
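# Write all HTTP packets to a pcap for offline analysis. -s 0 keeps whole
# packets (the original -s 1111 truncated larger payloads). Options belong
# before the filter: an option after it is only honoured where getopt permutes
# arguments (GNU/Linux), not on BSD/macOS.
# The capture will contain cookies and credentials in clear -- restrict the
# file's permissions before sharing the host with anyone else.
tcpdump -s 0 -w capture_file port 80
# RDP traffic from a single host. -nn: no DNS/service lookups, -vv: verbose,
# -S: absolute TCP sequence numbers. A BPF expression cannot begin with "and".
tcpdump -nnvvS src 10.5.2.3 and dst port 3389
# Traffic originating from Mars or Pluto that isn't to the SSH port.
# "and" binds tighter than "or", so the two sources must be parenthesised or
# the "not dst port 22" clause would apply to pluto only. Hostnames are
# resolved once, when the filter is compiled, so they need a resolvable name.
tcpdump -vv '(src mars or src pluto) and not dst port 22'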
Monitor network traffic / find the machine behind a rogue IP address
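# Rank hosts by how many ARP requests they send: a scanner or misbehaving box
# stands out at the bottom of the sorted list.
# The original matched 'arp who-has' and printed $NF, which only fits very old
# tcpdump output; modern tcpdump prints "ARP, Request who-has X tell Y, length N",
# so the grep matched nothing and $NF would have been the length. Instead filter
# ARP requests in BPF (opcode field, arp[6:2] = 1), stop after 100 of them
# (-c replaces head, so tcpdump exits cleanly), and pull the address after "tell".
# NOTE: the "tell" IP is written by the sender and can be spoofed; when that is a
# concern add -e and count the source MAC (field 2) instead.
tcpdump -l -n -c 100 'arp[6:2] = 1' \
  | awk '/who-has/ { for (i = 1; i < NF; i++) if ($i == "tell") { ip = $(i + 1); sub(/,$/, "", ip); print ip } }' \
  | sort | uniq -c | sort -n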
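# Write all HTTP packets to a pcap for offline analysis. -s 0 keeps whole
# packets (the original -s 1111 truncated larger payloads). Options belong
# before the filter: an option after it is only honoured where getopt permutes
# arguments (GNU/Linux), not on BSD/macOS.
# The capture will contain cookies and credentials in clear -- restrict the
# file's permissions before sharing the host with anyone else.
tcpdump -s 0 -w capture_file port 80
# RDP traffic from a single host. -nn: no DNS/service lookups, -vv: verbose,
# -S: absolute TCP sequence numbers. A BPF expression cannot begin with "and".
tcpdump -nnvvS src 10.5.2.3 and dst port 3389
# Traffic originating from Mars or Pluto that isn't to the SSH port.
# "and" binds tighter than "or", so the two sources must be parenthesised or
# the "not dst port 22" clause would apply to pluto only. Hostnames are
# resolved once, when the filter is compiled, so they need a resolvable name.
tcpdump -vv '(src mars or src pluto) and not dst port 22'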
Monitor network traffic / find the machine behind a rogue IP address
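# Rank hosts by how many ARP requests they send: a scanner or misbehaving box
# stands out at the bottom of the sorted list.
# The original matched 'arp who-has' and printed $NF, which only fits very old
# tcpdump output; modern tcpdump prints "ARP, Request who-has X tell Y, length N",
# so the grep matched nothing and $NF would have been the length. Instead filter
# ARP requests in BPF (opcode field, arp[6:2] = 1), stop after 100 of them
# (-c replaces head, so tcpdump exits cleanly), and pull the address after "tell".
# NOTE: the "tell" IP is written by the sender and can be spoofed; when that is a
# concern add -e and count the source MAC (field 2) instead.
tcpdump -l -n -c 100 'arp[6:2] = 1' \
  | awk '/who-has/ { for (i = 1; i < NF; i++) if ($i == "tell") { ip = $(i + 1); sub(/,$/, "", ip); print ip } }' \
  | sort | uniq -c | sort -n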