
tcpdump expression



I have a rules file for tcpdump here; when I try to use it,
I get the error "tcpdump: parse error".

expression.tcp
<snip>
tcpdump -i eth0 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth1
tcpdump -i eth0 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth1
tcpdump -i eth2 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth2

tcpdump 'tcp[13] & 2  == 2 && dst net 192.168.100.0 ' -c 5000 -s 0 -vvv
-w /var/log/tcpDump/nets/100.0
tcpdump -i eth0 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth1
tcpdump -i eth2 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth2

tcpdump 'tcp[13] & 2  == 2 && dst net 192.168.100.0 ' -c 5000 -s 0 -vvv
-w /var/log/tcpDump/nets/100.0
tcpdump 'tcp[13] & 2  == 2 && dst net 192.168.1.0 ' -c 5000 -s 0 -vvv -w
/var/lqog/tcpDump/nets/1.0
tcpdump -i eth2 'tcp[13] & 2  == 2 && ! src net 192.168.100.0 || net 
192.168.1.0'-c
5000 -vvv -s 0 -w /var/log/tcpDump/nets/external

tcpdump tcp host middle and server -c 5000 -s 0 -vvv -w 
/var/log/tcpDump/hosts/tcpbetween
tcpdump ip host middle and server -c 5000 -s 0 -vvv -w 
/var/log/tcpDump/hosts/ipbetween

tcpdump -i eth0 'icmp[icmptype] != icmp-echo and icmp[icmptype] != 
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/external_eth0

tcpdump -i eth1 'icmp[icmptype] != icmp-echo and icmp[icmptype] != 
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/external_eth1

tcpdump -i eth2 'icmp[icmptype] != icmp-echo and icmp[icmptype] != 
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/external_eth2
tcpdump -i eth0 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth1
tcpdump -i eth2 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/eth2

tcpdump 'tcp[13] & 2  == 2 && dst net 192.168.100.0 ' -c 5000 -s 0 -vvv
-w /var/log/tcpDump/nets/100.0
tcpdump 'tcp[13] & 2  == 2 && dst net 192.168.1.0 ' -c 5000 -s 0 -vvv -w
/var/log/tcpDump/nets/1.0
tcpdump -i eth2 'tcp[13] & 2  == 2 && ! src net 192.168.100.0 || net 
192.168.1.0'
-c 5000 -vvv -s 0 -w /var/log/tcpDump/nets/external

tcpdump tcp host middle and server -c 5000 -s 0 -vvv -w 
/var/log/tcpDump/hosts/tcpbetween
tcpdump ip host middle and server -c 5000 -s 0 -vvv -w 
/var/log/tcpDump/hosts/ipbetween

tcpdump -i eth0 'icmp[icmptype] != icmp-echo and icmp[icmptype] != 
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/external_eth0

tcpdump -i eth1 'icmp[icmptype] != icmp-echo and icmp[icmptype] != 
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/external_eth1

tcpdump -i eth2 'icmp[icmptype] != icmp-echo and icmp[icmptype] != 
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/external_eth2

tcpdump -i eth2 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 && ! src net 
192.168.100.0
' -s 0 -vvv -c 5000 -w /var/log/tcpDump/nets/established


tcpdump  dst port 22  -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/ssh_auth
tcpdump  dst port 23  -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/telnet_auth
tcpdump  dst port 513  -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/remote_login
tcpdump  tcp port 512  -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/ethn/remote_proc_exec
tcpdump  dst port 389  -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/ldap_auth


tcpdump -i eth2 dst port 22  -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/ssh_auth_eth2
tcpdump -i eth2 dst port 23  -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/telnet_auth_eth2
tcpdump -i eth2 dst port 513  -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/remote_login_eth2
tcpdump -i eth2 tcp port 512  -s 0 -vvv -c 5000 -w 
/var/log/tcpDump/nets/remote_proc_exec_eth2
tcpdump -i eth2 dst port 389  -s 0 -vvv -c5000 
-w/var/log/tcpDump/nets/ldap_auth_eth2

<snip>

If you do not see anything out of place, I would like to know whether there is
a way to make tcpdump more talkative so that it gives me more information
about this error.

Thanks,
        Nicolas Couture
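An added example, not part of the original post: tcpdump treats every non-option argument as one word of a single filter expression, so a quoting slip in the rules file pushes option text into the expression and produces exactly the "parse error" above. The script below splits each command line the way the shell would and isolates the expression tcpdump would actually see, so each can be compiled on its own with `tcpdump -d`; the sample lines are copied from the post with the e-mail line wrapping joined (an assumption), and the set of argument-taking flags is limited to those used in the post.

```python
"""Isolate the BPF filter expression from each tcpdump command line."""
import shlex

# tcpdump flags that take an argument (subset: the ones used in the post).
ARG_FLAGS = set("icsw")


def filter_expression(cmdline: str) -> str:
    """Return the filter expression tcpdump would receive for one line."""
    words = shlex.split(cmdline)          # same splitting rules as the shell
    expr = []
    i = 1                                 # skip the program name
    while i < len(words):
        w = words[i]
        if w.startswith("-") and len(w) > 1 and w[1] in ARG_FLAGS:
            i += 1 if len(w) > 2 else 2   # "-c5000" vs "-c 5000"
        elif w.startswith("-") and len(w) > 1:
            i += 1                        # "-vvv": flag without argument
        else:
            expr.append(w)                # everything else is filter text
            i += 1
    return " ".join(expr)


def check_file(text: str) -> list:
    """Return (line_no, expression) for every non-empty, non-comment line."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            out.append((n, filter_expression(line)))
        except ValueError as e:           # unbalanced quote: shlex refuses it
            out.append((n, f"<quoting error: {e}>"))
    return out


# Constructed sample: three lines from the post, wrapping joined.
SAMPLE = """\
tcpdump -i eth0 'tcp[13] & 2  == 2' -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/eth0
tcpdump -i eth2 'tcp[13] & 2  == 2 && ! src net 192.168.100.0 || net 192.168.1.0'-c 5000 -vvv -s 0 -w /var/log/tcpDump/nets/external
tcpdump -i eth2 dst port 389  -s 0 -vvv -c5000 -w/var/log/tcpDump/nets/ldap_auth_eth2
"""

if __name__ == "__main__":
    # Print one "tcpdump -d" command per line so each expression can be
    # compiled separately; the line whose expression ends in "-c 5000" is
    # the one that cannot parse.
    for n, expr in check_file(SAMPLE):
        print(f"line {n}: tcpdump -d {shlex.quote(expr)}")
```

Running the printed `tcpdump -d` commands (as root, or with `-i` pointing at an interface you may open) compiles each expression without capturing, which pinpoints the offending line instead of the single "parse error" the whole file gives.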