analyzing tcpdump output
Post 302203101 by slumpia in Shell Programming and Scripting, Friday 6th of June 2008 01:41:35 PM

hello, i have a lot of pcap files (tcpdump output) that i want to compare.
every tcpdump output has two files, server and client.
Quote:
Originally Posted by server
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.297086 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1046 167360
22:22:50.297100 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15129 167040
22:22:50.297116 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15130 167200
22:22:50.304720 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1042 208800
22:22:50.304742 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1043 208960
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
Quote:
Originally Posted by client
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
22:22:50.508760 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1048 167680
22:22:50.523450 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10496 167040
22:22:50.528808 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1049 167840
22:22:50.528826 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1050 168000
22:22:50.543451 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10497 167200
what i want to do is:
1. take timestamp, source address, destination address, and packet id from each file (server and client)
2. find the packets sent from the server that the client received (appear in the client's tcpdump output). packets from the server that were not received by the client will be removed
3. calculate the delay (client timestamp - server timestamp)

thanks in advance
ps: pardon my English


---edited---
the final output i'm thinking is something like:
server time stamp, client time stamp, delay, ip address, packet id

Last edited by slumpia; 06-06-2008 at 02:48 PM..
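One way to do the match-and-subtract step described above, as an added example in plain sh + awk (not code from the original thread). The two captures are joined on destination address, RTP sequence number and RTP timestamp rather than on source address, because the same packets carry source 192.168.1.4 in the server capture but 10.14.15.29 in the client capture; the server address passed as the third argument and the mktemp-based demo() wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: join a server-side and a
# client-side tcpdump text capture on (destination, RTP seq, RTP timestamp)
# and print "server_ts client_ts delay_s destination seq" for every packet the
# server sent that also shows up in the client capture.
# Assumption: "tcpdump -nn" text lines in the "udp/rtp" form quoted above.

rtp_delay() {   # usage: rtp_delay SERVER_FILE CLIENT_FILE SERVER_IP
    awk -v server_src="$3" '
    # HH:MM:SS.ffffff -> seconds since midnight (assumes no midnight wrap)
    function secs(t,  p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    # First file (server): keep only packets the server itself sent.  The
    # source address is not part of the key because it may be rewritten in
    # transit (192.168.1.4 on the server side, 10.14.15.29 on the client side).
    FNR == NR {
        if ($6 == "udp/rtp" && index($3, server_src ".") == 1) {
            dst = $5; sub(/:$/, "", dst)          # drop trailing ":"
            sent[dst SUBSEP $9 SUBSEP $10] = $1   # key -> server timestamp
        }
        next
    }
    # Second file (client): print matches; server packets with no match are
    # never printed, i.e. they are "removed" as the post asks.
    $6 == "udp/rtp" {
        dst = $5; sub(/:$/, "", dst)
        key = dst SUBSEP $9 SUBSEP $10
        if (key in sent)
            printf "%s %s %.6f %s %s\n", sent[key], $1, secs($1) - secs(sent[key]), dst, $9
    }' "$1" "$2"
}

demo() {   # runs rtp_delay on an excerpt of the two captures quoted above
    s=$(mktemp) && c=$(mktemp) || return 1
    cat >"$s" <<'EOF'
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
EOF
    cat >"$c" <<'EOF'
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
EOF
    rtp_delay "$s" "$c" 192.168.1.4
    rm -f "$s" "$c"
}
```

The delay column is only meaningful when the two capture hosts' clocks are synchronised (for example via NTP); seq 10492 is dropped from the output because the client excerpt never shows it.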
 


ENC(4)                   BSD Kernel Interfaces Manual                   ENC(4)

NAME
     enc -- Encapsulating Interface

SYNOPSIS
     To compile this driver into the kernel, place the following line in your
     kernel configuration file:

           device enc

DESCRIPTION
     The enc interface is a software loopback mechanism that allows hosts or
     firewalls to filter ipsec(4) traffic using any firewall package that
     hooks in via the pfil(9) framework.

     The enc interface allows an administrator to see incoming and outgoing
     packets before and after they will be or have been processed by ipsec(4)
     via tcpdump(1).

     The ``enc0'' interface inherits all IPsec traffic.  Thus all IPsec
     traffic can be filtered based on ``enc0'', and all IPsec traffic could be
     seen by invoking tcpdump(1) on the ``enc0'' interface.

     What can be seen with tcpdump(1) and what will be passed on to the
     firewalls via the pfil(9) framework can be independently controlled using
     the following sysctl(8) variables:

           Name                            Defaults     Suggested
           net.enc.out.ipsec_bpf_mask      0x00000003   0x00000001
           net.enc.out.ipsec_filter_mask   0x00000001   0x00000001
           net.enc.in.ipsec_bpf_mask       0x00000001   0x00000002
           net.enc.in.ipsec_filter_mask    0x00000001   0x00000002

     For the incoming path a value of 0x1 means ``before stripping off the
     outer header'' and 0x2 means ``after stripping off the outer header''.
     For the outgoing path 0x1 means ``with only the inner header'' and 0x2
     means ``with outer and inner headers''.

                        incoming path
                                                            |------|
     ---- IPsec processing ---- (before) ---- (after) ----> |      |
                                                            | Host |
     <--- IPsec processing ---- (after) ----- (before) ---- |      |
                                                            |------|
                        outgoing path

     Most people will want to run with the suggested defaults for
     ipsec_filter_mask and rely on the security policy database for the outer
     headers.

EXAMPLES
     To see the packets processed via ipsec(4), adjust the sysctl(8) variables
     according to your need and run:

           tcpdump -i enc0

SEE ALSO
     tcpdump(1), bpf(4), ipf(4), ipfw(4), ipsec(4), pf(4), tcpdump(8)

BSD                            November 28, 2007                           BSD