sorting of tcpdump output
Hi! I took a tcpdump of some kind of strange connection (a permanently 24/7 connected station) and want to sort the content from the content I don't want to read (only the one station is of interest, the rest can go to /dev/trash). I only want to know what he/she is doing, or if he/she forgot to log out of a web-app. I used less | grep -e FILTER1 -e FILTER2 [...] > output, but grep only shows me single lines. Is there any other program that can filter the output, or any tools on the net? Philippe
Moin Philippe! ethereal -- michael
Philippe Vogel wrote on Thursday, 11 March 2004:
Hi!
I took a tcpdump of some kind of strange connection (a permanently 24/7 connected station) and want to sort the content from the content I don't want to read (only the one station is of interest, the rest can go to /dev/trash). I only want to know what he/she is doing, or if he/she forgot to log out of a web-app.
I used less | grep -e FILTER1 -e FILTER2 [...] > output, but grep only shows me single lines.
Is there any other program that can filter the output, or any tools on the net?
Philippe
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Philippe Vogel wrote:
I took a tcpdump of some kind of strange connection (a permanently 24/7 connected station) and want to sort the content from the content I don't want to read (only the one station is of interest, the rest can go to /dev/trash). I only want to know what he/she is doing, or if he/she forgot to log out of a web-app.
I used less | grep -e FILTER1 -e FILTER2 [...] > output, but grep only shows me single lines.
Is there any other program that can filter the output, or any tools on the net?
You don't need grep or any other tool to filter tcpdump's output. tcpdump has its own options for that purpose. If you read the tcpdump man page it has some very useful information under the 'expression' section and several examples below that. Basically, if you have the IP address of the computer in question (let's say 192.168.1.20) then this will do the trick:
# tcpdump [whatever options you want to use] host 192.168.1.20
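To go one step beyond a single `host` filter and see each conversation the station had, rather than the isolated lines grep returns, here is an added example that is not from this thread: a Python 3 script that parses `tcpdump -nn` text output, keeps only packets involving one host and groups both directions into flows. The sample lines are constructed for the example.

```python
import re
from collections import OrderedDict
# Constructed sample of `tcpdump -nn` output (not a real capture); 192.168.1.20 is the station of interest.
SAMPLE = """\
12:00:01.000100 IP 192.168.1.20.45678 > 10.0.0.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000300 IP 10.0.0.5.80 > 192.168.1.20.45678: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000400 IP 192.168.1.20.45678 > 10.0.0.5.80: Flags [.], ack 1, win 502, length 0
12:00:02.500000 IP 192.168.1.77.51000 > 10.0.0.9.22: Flags [P.], seq 1:37, ack 1, win 502, length 36
12:00:03.000000 IP 192.168.1.20.45678 > 10.0.0.5.80: Flags [P.], seq 1:120, ack 1, win 502, length 119
12:00:09.000000 IP 192.168.1.20.53012 > 10.0.0.53.53: 12345+ A? example.test. (31)
12:00:09.000500 IP 10.0.0.53.53 > 192.168.1.20.53012: 12345 1/0/0 A 10.0.0.5 (47)
"""

# One IPv4 line: timestamp, "IP", src.port > dst.port: rest-of-line
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse_line(line):
    """Return the fields of one tcpdump text line, or None for lines we skip (ARP, IPv6, ...)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def flows_for_host(text, host):
    """Keep packets touching `host`; merge both directions into one flow keyed (host, hport, peer, pport)."""
    flows = OrderedDict()
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None or host not in (pkt["src"], pkt["dst"]):
            continue
        if pkt["src"] == host:
            key = (host, pkt["sport"], pkt["dst"], pkt["dport"])
        else:
            key = (host, pkt["dport"], pkt["src"], pkt["sport"])
        payload = re.search(r"length (\d+)", pkt["rest"])  # TCP lines carry a payload length
        f = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": pkt["ts"], "last": pkt["ts"]})
        f["packets"] += 1
        f["bytes"] += int(payload.group(1)) if payload else 0
        f["last"] = pkt["ts"]
    return flows

if __name__ == "__main__":
    for (h, hp, peer, pp), f in flows_for_host(SAMPLE, "192.168.1.20").items():
        print(f"{h}:{hp} <-> {peer}:{pp}  pkts={f['packets']} bytes={f['bytes']} {f['first']}..{f['last']}")
```

Feed it real output with `tcpdump -nn host 192.168.1.20 > out.txt` and then read `out.txt` instead of SAMPLE; a flow whose `last` timestamp keeps advancing for hours is the long-lived session the question is about.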
participants (3)
- Avtar Gill
- Michael Galloway
- Philippe Vogel