[nycbug-talk] tcpdump filtering

Jesse Callaway bonsaime at gmail.com
Tue Feb 2 21:01:37 EST 2010


On Tue, Feb 2, 2010 at 10:14 AM, George Rosamond
<george at ceetonetechnology.com> wrote:
> Max Gribov wrote:
>>
>> found this article while looking for how to filter out only rst packets,
>> some very cool tcpdump recipes
>> http://acs.lbl.gov/~jason/tcpdump_advanced_filters.txt
>
> Cool stuff on a few levels.
>
> tcpdump is like nmap and so many other tools in that the majority of people
> have their three or four commands, and rarely go beyond.
>
> It could make a cool meeting topic. . the recipe approach to tcpdump, nmap,
> or other tools. . .
>
> g
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

Those bit-level filters are really cool... Would have never thought of
that, in fact I didn't even know you could despite having read the man
pages (I thought) at least 3 times. Really like the traceroute packet
match, so simple, yet so cunning!

While we're on the topic of "fun stuff", I fell into this today...
nowhere near as techie as the header filters.

something | awk '/pattern/ { system("/bin/x args stuff " $3) }'

which is kinda nicer than the if [ something | `grep pattern` ];then
tempstring=`something | sed......;fi

-jesse
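The awk-plus-system() idiom above applied to the thread's RST-packet question, as an added example that is not part of the original mail: it scans constructed tcpdump-style text output (not a real capture), picks out the lines whose TCP flags carry RST, strips the port from the source address and hands each source host to a command of your choice. The sanitizing `gsub` is the caveat a defender wants here: whatever awk concatenates into `system()` is interpreted by a shell, so a field taken from network-derived output should be reduced to the characters an address can contain before it is executed.

```shell
#!/bin/sh
# Constructed sample of tcpdump output; a live feed would come from something like
#   tcpdump -n -l 'tcp[tcpflags] & tcp-rst != 0'
# (the bit-level flag test from the article the thread refers to).
SAMPLE='10:00:01.000001 IP 192.0.2.10.44321 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
10:00:01.000200 IP 198.51.100.5.80 > 192.0.2.10.44321: Flags [R.], seq 0, ack 2, win 0, length 0
10:00:02.000001 IP 192.0.2.11.5555 > 198.51.100.5.22: Flags [R], seq 7, win 0, length 0
10:00:03.000001 IP 192.0.2.12.6666 > 198.51.100.5.443: Flags [P.], seq 1:10, ack 1, win 500, length 9'

# rst_sources CMD: for every line whose flags are [R] or [R.], run "CMD <source host>".
# $3 is the source "addr.port" field in tcpdump's text output.
rst_sources() {
    printf '%s\n' "$SAMPLE" | awk -v cmd="$1" '
        /Flags \[R\.?\]/ {
            host = $3
            sub(/\.[0-9]+$/, "", host)          # drop the trailing ".port"
            gsub(/[^0-9.:a-fA-F]/, "", host)    # keep only address characters; this
                                                # string is about to be given to a shell
            system(cmd " " host)
        }'
}

# rst_count: number of RST lines seen (uses echo as the per-match command).
rst_count() {
    rst_sources echo | wc -l | tr -d ' '
}

rst_sources echo   # prints 198.51.100.5 then 192.0.2.11
```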


