On Dec 22, 2017, at 8:10 AM, Warren Young <war...@etr-usa.com> wrote:
>
> $ sudo tshark -b duration:1 port 8080 and tcp.flags.syn==1 | wc -l
Sorry, that’s bogus. Try this instead:
$ sudo tshark -i enp3s0 -w x.pcap -b duration:5 -a files:1 \
port 8080 and "tcp[tcpflags] & tcp-syn != 0”
Adjust the interface name (-i) to suit your machine.
The capture file x.pcap is just there to placate tshark. You can remove it
when the command finishes, because what we’re interested in is the number that
tshark reports. That’s also why we don’t need wc -l.
And as for the SYN filter, that was a display filter, not a capture filter.
Sigh.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
