Wednesday, January 15, 2014

ngrep & tcpdump

# ngrep: print HTTP payloads line by line for one host ("my" stands for the host to watch).
# The explicit empty pattern '' makes ngrep treat everything after it as the BPF filter
# instead of taking the first word ("host") as the regex to match against payloads.

ngrep -q -d eth0 -W byline '' host my and port 80

# Record HTTP traffic to a file: -s 1111 keeps the first 1111 bytes of each packet
# (-s 0 keeps whole packets); -w writes raw packets to capture_file for later analysis.
# Options go before the filter expression so tcpdump parses them on every platform.

tcpdump -s 1111 -w capture_file port 80

# Verbose RDP traffic (port 3389) from one source host, with absolute sequence numbers
# and no name or port resolution. SRC_HOST is a placeholder: the original filter had no
# source address, and a filter cannot begin with "and".

tcpdump -nnvvS src SRC_HOST and dst port 3389

# Traffic originating from Mars or Pluto that isn't to the SSH port

tcpdump -vv src mars and not dst port 22

Monitor network traffic / Find the rogue machine's IP address

# Count which address sends the most ARP "who-has" requests in the first 100 requests:
# a host sweeping the subnet shows up at the bottom of the sorted list. The awk step
# pulls the requester (the address after "tell") so the count does not depend on the
# field position, and the case-insensitive grep matches both the old "arp who-has"
# and the newer "ARP, Request who-has" output formats.

tcpdump -l -n arp | egrep -i 'who-has' | head -100 | awk '{ for (i = 1; i <= NF; i++) if ($i == "tell") { sub(/,$/, "", $(i+1)); print $(i+1) } }' | sort | uniq -c | sort -n
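As an added example (not from the original post), here is the counting logic of that one-liner run offline over constructed tcpdump ARP lines, so the result can be checked without a live capture. The sample addresses, the assumed tcpdump 4.x line format ("ARP, Request who-has A tell B, length N") and the function names arp_requesters, top_arp_requester and arp_scanners are mine; a threshold function is added to flag any requester above a chosen request count.

```sh
#!/bin/sh
# Added example, not from the original post: count ARP requesters the way the
# `tcpdump -l -n arp | ... | sort | uniq -c | sort -n` pipeline does, but fed from
# constructed sample lines so it runs offline.
# Assumed line format (tcpdump 4.x): "ARP, Request who-has A tell B, length N".

# Constructed sample of `tcpdump -l -n arp` output (not a real capture):
# 192.0.2.77 asks for five neighbours in a row, 192.0.2.10 asks for two.
SAMPLE_ARP='12:00:01.000001 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
12:00:01.000002 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:01, length 28
12:00:01.000003 ARP, Request who-has 192.0.2.2 tell 192.0.2.77, length 28
12:00:01.000004 ARP, Request who-has 192.0.2.3 tell 192.0.2.77, length 28
12:00:01.000005 ARP, Request who-has 192.0.2.4 tell 192.0.2.77, length 28
12:00:01.000006 ARP, Request who-has 192.0.2.5 tell 192.0.2.10, length 28'

# arp_requesters: read tcpdump ARP lines on stdin and print "count requester",
# least active first, most active last (same shape as `sort | uniq -c | sort -n`).
# Only request lines count; the requester is the address following "tell".
arp_requesters() {
    grep -i 'who-has' \
    | awk '{ for (i = 1; i <= NF; i++) if ($i == "tell") { sub(/,$/, "", $(i+1)); print $(i+1) } }' \
    | sort | uniq -c | sort -n
}

# top_arp_requester: the single address that issued the most ARP requests.
top_arp_requester() {
    arp_requesters | tail -n 1 | awk '{ print $2 }'
}

# arp_scanners THRESHOLD: every requester with more than THRESHOLD requests,
# i.e. the candidates worth looking at on a quiet subnet.
arp_scanners() {
    threshold="$1"
    arp_requesters | awk -v t="$threshold" '$1 > t { print $2 }'
}

# Stand-alone demo over the constructed sample.
printf '%s\n' "$SAMPLE_ARP" | arp_requesters
echo "most active requester: $(printf '%s\n' "$SAMPLE_ARP" | top_arp_requester)"
```

On a live box the same functions take `tcpdump -l -n arp | head -100` as their input; the threshold to use depends on how chatty the subnet normally is, so take a baseline count first.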
