Ever-evolving list of tshark command lines I use for various purposes, with the goal of not having to trawl through the wireshark and tcpdump man pages every time to find the filters. Generally adding a -V, -VV or -VVV switch increases the verbosity level. I also usually prepend the tshark command with nice -n 19 ionice -c3 to try to minimize processor (CPU) and disk I/O usage while tshark is running. Note that -f takes a single capture-filter (BPF) expression per interface: if -f is given more than once after the same -i, only the last one is kept, so several conditions have to be combined into one expression with "or" / "and".
- Monitor DECnet-over-UDP bridged traffic to HECnet. This is for the VPS hosting CLOUDY:: and JUICHI::, which bridges DECnet over UDP to the HECnet update host and to QCOCAL:: hosted on sanyalnet-openvms-vax.freeddns.org (described in my post here). The four conditions go into one capture filter joined with "or" (four separate -f switches would leave only the last one, "udp port 4712", in effect):
  # tshark -i ens33 -f "host psilo.update.uu.se or host sanyalnet-openvms-vax.freeddns.org or udp port 4711 or udp port 4712"
- Capture all NTP traffic:
  # tshark -i ens33 -f "udp port 123"
- Capture all NTP server traffic. This mostly logs NTP time served by this server to other hosts. The -l switch makes tshark flush its output after every packet, so grep sees each line as it arrives instead of only after the pipe buffer fills:
  # tshark -l -i ens33 -f "udp port 123" | grep "server"
- To capture only the NTP traffic in which this host serves time to other hosts, also grep for this host as the source address. The pattern is matched literally (grep -F) because the dots in the address are regex metacharacters; newer tshark versions print the arrow in the summary line as "→" rather than "->", so adjust the pattern to what your version prints:
  # tshark -l -i ens33 -f "udp port 123" | grep -F "64.137.162.139 ->" | grep server
- Capture all NTP client traffic. This mostly logs the NTP traffic that synchronizes this host from remote clock source hosts:
  # tshark -l -i ens33 -f "udp port 123" | grep "client"
- Capture all traffic to the SanyalCraft Minecraft server (on port 25565) and our experimental Minecraft server on port 25566, again as one combined capture filter:
  # tshark -i ens33 -f "tcp port 25565 or tcp port 25566"
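As an added example, not from the original post, here is a small POSIX shell script that does the two things the one-liners above rely on: it builds one combined BPF capture filter from several terms (instead of repeating -f), and it filters tshark summary lines for NTP server replies sent by a given host while accepting both the "->" and "→" arrow forms. The IP addresses and the sample tshark lines are constructed; the interface name and the host serving time are assumptions.

```shell
#!/bin/sh
# Added example (not the blog's own commands). Works on tshark's one-line summary
# output, e.g. "2 0.000123 192.0.2.10 -> 10.0.0.5 NTP 90 NTP Version 4, server".
# All addresses below are constructed sample values.

# Join several capture-filter terms into one BPF expression with "or".
# tshark keeps only the last -f given for an interface, so the terms must be
# combined into a single expression rather than passed as repeated -f switches.
bpf_any() {
    out=""
    sep=""
    for term in "$@"; do
        out="${out}${sep}(${term})"
        sep=" or "
    done
    printf '%s\n' "$out"
}

# Keep NTP summary lines whose source address is $1 and which are server replies.
# Field 3 is the source, field 4 the arrow: "->" on older tshark, "→" on 2.x+.
ntp_served_by() {
    awk -v src="$1" '
        $3 == src && ($4 == "->" || $4 == "→") && /NTP/ && /server/ { print }
    '
}

# Constructed sample of tshark summary lines (not a real capture); 192.0.2.10
# plays the role of the local host that serves time to the other addresses.
SAMPLE='1 0.000000 10.0.0.5 -> 192.0.2.10 NTP 90 NTP Version 4, client
2 0.000123 192.0.2.10 -> 10.0.0.5 NTP 90 NTP Version 4, server
3 1.000000 192.0.2.10 → 198.51.100.7 NTP 90 NTP Version 4, server
4 1.500000 203.0.113.9 → 192.0.2.10 NTP 90 NTP Version 4, client
5 2.000000 192.0.2.10 → 203.0.113.9 NTP 90 NTP Version 4, server'

# Number of server replies sent by host $1 in the sample.
count_served_by() {
    printf '%s\n' "$SAMPLE" | ntp_served_by "$1" | wc -l | tr -d ' '
}

# Live use (root and a real interface required; ens33 is an assumption). -l
# flushes tshark's output per packet so the pipe does not stall on buffering.
#   tshark -l -i ens33 -f "$(bpf_any 'udp port 123')" | ntp_served_by 192.0.2.10
# A more robust variant asks the dissector instead of grepping the info column
# (ntp.flags.mode is 3 for client, 4 for server):
#   tshark -l -i ens33 -f "udp port 123" -T fields -e ip.src -e ip.dst -e ntp.flags.mode
```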