Difference between revisions of "Linux tcpdump and ngrep"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
= | = tcpdump = | ||
== Usage of expressions and | or with subnets == | == Usage of expressions and | or with subnets == | ||
<source lang="bash"> | <source lang="bash"> | ||
Revision as of 10:31, 18 August 2018
tcpdump
Usage of expressions and | or with subnets
tcpdump -qn -i any -p -e "(dst port 9443 or dst port 22 or dst port 8672) \ and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)" tcpdump -qn -i any -p -e "dst port 22 \ and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)" # -q less verbose, -n no-dns, -p? -e expression
ngrep
ngrep is network packet analyzer tool, It is a grep-like tool applied to the network layer – it matches traffic passing over a network interface with tcpdump like arguments syntax. It supports IPv4/6, TCP, UDP, ICMPv4/6, IGMP as well as Raw.
sudo apt install ngrep sudo yum install ngrep sudo dnf install ngrep