>>>>> "IFOSS" == IFOSS <Isherwood> writes:
IFOSS> I've been tasked with capturing "web traffic" outbound from my site.
IFOSS> I was planning on using TCPDUMP to log the traffic, then a little post log
IFOSS> processing, but the tcpdump I'm getting is pretty chatty.
IFOSS> While trying to trim the output to a manageable volume, I've gotten this
IFOSS> far:
IFOSS> tcpdump -n tcp port 80 -w web_traffic.log
IFOSS> but that logs all port 80 traffic right? How should I isolate JUST the SYN?
IFOSS> Boss only wants to track traffic TO web sites...
There is an example in the man page:
To print the start and end packets (the SYN and FIN packets)
of each TCP conversation that involves a non-local host.
tcpdump 'tcp[13] & 3 != 0 and not src and dst net localnet'
] Train travel features AC outlets with no take-off restrictions|gigabit is no[
] Michael Richardson, Solidum Systems Oh where, oh where has|problem with[
] [EMAIL PROTECTED] www.solidum.com the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
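
An added example, not part of the original message or of tcpdump itself: it evaluates the man page test `tcp[13] & 3 != 0` against a constructed HTTP conversation and contrasts it with a SYN-only test, `tcp[13] & 0x12 == 0x02`, which is an assumption added here for the "just the SYN" case. The function names and the sample packets are hypothetical.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10  # bit values inside the TCP flags byte

def build_ipv4_tcp(flags, sport, dport, ihl_words=5):
    """Constructed IPv4+TCP packet; checksums are zero and addresses are fixed."""
    ip_len = ihl_words * 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, ip_len + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    ip += b"\x00" * (ip_len - 20)  # IP options padding, if any
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def tcp_flags(packet):
    """Return the byte tcpdump addresses as tcp[13], or None if it is not reachable."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None  # not IPv4 carrying TCP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None  # non-first fragment carries no TCP header
    ihl = (packet[0] & 0x0F) * 4  # IP header length varies with options
    if len(packet) < ihl + 14:
        return None
    return packet[ihl + 13]

def matches_syn_or_fin(packet):
    """The man page expression quoted above: tcp[13] & 3 != 0."""
    f = tcp_flags(packet)
    return f is not None and (f & (SYN | FIN)) != 0

def matches_syn_only(packet):
    """Assumed tighter test, tcp[13] & 0x12 == 0x02: SYN set, ACK clear."""
    f = tcp_flags(packet)
    return f is not None and (f & (SYN | ACK)) == SYN

# Constructed sample: the packets of one outbound HTTP conversation.
SAMPLE = [
    ("client SYN", build_ipv4_tcp(SYN, 40000, 80)),
    ("server SYN-ACK", build_ipv4_tcp(SYN | ACK, 80, 40000, ihl_words=6)),
    ("client ACK", build_ipv4_tcp(ACK, 40000, 80)),
    ("client FIN-ACK", build_ipv4_tcp(FIN | ACK, 40000, 80)),
]

def classify(sample=SAMPLE):
    """Map packet name -> (matches SYN-or-FIN filter, matches SYN-only filter)."""
    return {name: (matches_syn_or_fin(p), matches_syn_only(p)) for name, p in sample}

if __name__ == "__main__":
    for name, (either, syn_only) in classify().items():
        print(f"{name:15} syn|fin={either!s:5} syn-only={syn_only}")
```

Only the client SYN passes both tests; the server's SYN-ACK and the FIN pass the man page filter but not the SYN-only one.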
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html