tcpdump expression
- To:
- Subject: tcpdump expression
- From: Nicolas Couture <>
- Date: Wed Jun 5 17:49:00 2002
- Newsgroups: qc.comp.os.linux.aide
- User-agent: KNode/0.7.1
I have a rules file for tcpdump here; when I try to use it,
I get the error "tcpdump: parse error".
expression.tcp
<snip>
tcpdump -i eth0 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth1
tcpdump -i eth0 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth1
tcpdump -i eth2 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth2
tcpdump 'tcp[13] & 2 == 2 && dst net 192.168.100.0 ' -c 5000 -s 0 -vvv
-w /var/log/tcpDump/nets/100.0
tcpdump -i eth0 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth1
tcpdump -i eth2 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth2
tcpdump 'tcp[13] & 2 == 2 && dst net 192.168.100.0 ' -c 5000 -s 0 -vvv
-w /var/log/tcpDump/nets/100.0
tcpdump 'tcp[13] & 2 == 2 && dst net 192.168.1.0 ' -c 5000 -s 0 -vvv -w
/var/lqog/tcpDump/nets/1.0
tcpdump -i eth2 'tcp[13] & 2 == 2 && ! src net 192.168.100.0 || net
192.168.1.0'-c
5000 -vvv -s 0 -w /var/log/tcpDump/nets/external
tcpdump tcp host middle and server -c 5000 -s 0 -vvv -w
/var/log/tcpDump/hosts/tcpbetween
tcpdump ip host middle and server -c 5000 -s 0 -vvv -w
/var/log/tcpDump/hosts/ipbetween
tcpdump -i eth0 'icmp[icmptype] != icmp-echo and icmp[icmptype] !=
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/external_eth0
tcpdump -i eth1 'icmp[icmptype] != icmp-echo and icmp[icmptype] !=
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/external_eth1
tcpdump -i eth2 'icmp[icmptype] != icmp-echo and icmp[icmptype] !=
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/external_eth2
tcpdump -i eth0 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth0
tcpdump -i eth1 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth1
tcpdump -i eth2 'tcp[13] & 2 == 2' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/eth2
tcpdump 'tcp[13] & 2 == 2 && dst net 192.168.100.0 ' -c 5000 -s 0 -vvv
-w /var/log/tcpDump/nets/100.0
tcpdump 'tcp[13] & 2 == 2 && dst net 192.168.1.0 ' -c 5000 -s 0 -vvv -w
/var/log/tcpDump/nets/1.0
tcpdump -i eth2 'tcp[13] & 2 == 2 && ! src net 192.168.100.0 || net
192.168.1.0'
-c 5000 -vvv -s 0 -w /var/log/tcpDump/nets/external
tcpdump tcp host middle and server -c 5000 -s 0 -vvv -w
/var/log/tcpDump/hosts/tcpbetween
tcpdump ip host middle and server -c 5000 -s 0 -vvv -w
/var/log/tcpDump/hosts/ipbetween
tcpdump -i eth0 'icmp[icmptype] != icmp-echo and icmp[icmptype] !=
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/external_eth0
tcpdump -i eth1 'icmp[icmptype] != icmp-echo and icmp[icmptype] !=
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/external_eth1
tcpdump -i eth2 'icmp[icmptype] != icmp-echo and icmp[icmptype] !=
icmp-echoreply
&& ! src net 192.168.100.0 || 192.168.1.0' -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/external_eth2
tcpdump -i eth2 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 && ! src net
192.168.100.0
' -s 0 -vvv -c 5000 -w /var/log/tcpDump/nets/established
tcpdump dst port 22 -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/ssh_auth
tcpdump dst port 23 -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/telnet_auth
tcpdump dst port 513 -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/remote_login
tcpdump tcp port 512 -s 0 -vvv -c 5000 -w
/var/log/tcpDump/ethn/remote_proc_exec
tcpdump dst port 389 -s 0 -vvv -c 5000 -w /var/log/tcpDump/ethn/ldap_auth
tcpdump -i eth2 dst port 22 -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/ssh_auth_eth2
tcpdump -i eth2 dst port 23 -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/telnet_auth_eth2
tcpdump -i eth2 dst port 513 -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/remote_login_eth2
tcpdump -i eth2 tcp port 512 -s 0 -vvv -c 5000 -w
/var/log/tcpDump/nets/remote_proc_exec_eth2
tcpdump -i eth2 dst port 389 -s 0 -vvv -c5000
-w/var/log/tcpDump/nets/ldap_auth_eth2
<snip>
If you don't see anything out of place, I would like to know whether there is
a way to make tcpdump more talkative so that it gives me more information
about this error.
Thanks,
Nicolas Couture
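Added example, not part of the original post: the byte-offset tests the rules above rely on (tcp[13] & 2 == 2, tcp[tcpflags] & (tcp-syn|tcp-fin) != 0, icmp[icmptype] != icmp-echo ..., dst net ..., and the "&& ! src net ... || net ..." combination) evaluated in Python on constructed IPv4 packets, so that what each expression actually matches can be checked before a capture is relied on. The packet builders, addresses and ports are assumptions made up for the example.

```python
"""Evaluate the byte-offset tests from the rules file above on raw IPv4 packets (added example)."""
import ipaddress
import struct

TCP_FIN, TCP_SYN, TCP_ACK = 0x01, 0x02, 0x10   # the bits tcpdump names tcp-fin, tcp-syn, tcp-ack
ICMP_ECHOREPLY, ICMP_ECHO = 0, 8               # icmp-echoreply, icmp-echo

def parse_ipv4(pkt: bytes) -> dict:
    """Split an IPv4 packet into what the filters look at; 'l4' starts at tcp[0] / icmp[0]."""
    ihl = (pkt[0] & 0x0F) * 4                  # tcpdump's tcp[N] / icmp[N] offsets count from here
    return {"proto": pkt[9], "src": ipaddress.ip_address(pkt[12:16]),
            "dst": ipaddress.ip_address(pkt[16:20]), "l4": pkt[ihl:]}

def tcp_syn_set(pkt):      # 'tcp[13] & 2 == 2': the flags byte is offset 13 of the TCP header
    p = parse_ipv4(pkt)
    return p["proto"] == 6 and p["l4"][13] & TCP_SYN == TCP_SYN

def tcp_syn_or_fin(pkt):   # 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
    p = parse_ipv4(pkt)
    return p["proto"] == 6 and p["l4"][13] & (TCP_SYN | TCP_FIN) != 0

def icmp_not_echo(pkt):    # 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
    p = parse_ipv4(pkt)
    return p["proto"] == 1 and p["l4"][0] not in (ICMP_ECHO, ICMP_ECHOREPLY)

def in_net(pkt, net, side="dst"):   # 'dst net 192.168.100.0'; tcpdump infers /24 from the zero octet
    return parse_ipv4(pkt)[side] in ipaddress.ip_network(net)

def external_syn(pkt):     # 'tcp[13] & 2 == 2 && ! src net 192.168.100.0 || net 192.168.1.0'
    # pcap-filter: negation binds tightest; && and || have equal precedence and group left to
    # right, so this is (syn && !src 100.0/24) || net 1.0/24 rather than syn && (... || ...).
    return (tcp_syn_set(pkt) and not in_net(pkt, "192.168.100.0/24", "src")) \
        or in_net(pkt, "192.168.1.0/24", "src") or in_net(pkt, "192.168.1.0/24", "dst")

def build_ipv4(proto, src, dst, l4):   # constructed packet: bare 20-byte IPv4 header, checksum 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + l4

def build_tcp(sport, dport, flags):    # constructed 20-byte TCP header, data offset 5, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

# Constructed sample packets (made up for this example, not captured traffic)
SYN_IN = build_ipv4(6, "10.0.0.5", "192.168.100.7", build_tcp(40000, 22, TCP_SYN))
ACK_IN = build_ipv4(6, "10.0.0.5", "192.168.100.7", build_tcp(40000, 22, TCP_ACK))
SYN_OUT = build_ipv4(6, "192.168.100.7", "10.0.0.5", build_tcp(22, 40000, TCP_SYN | TCP_ACK))
ACK_LAN = build_ipv4(6, "192.168.1.9", "192.168.100.7", build_tcp(5000, 80, TCP_ACK))
PING = build_ipv4(1, "10.0.0.5", "192.168.100.7", bytes([ICMP_ECHO, 0, 0, 0, 0, 0, 0, 0]))
UNREACH = build_ipv4(1, "10.0.0.5", "192.168.100.7", bytes([3, 1, 0, 0, 0, 0, 0, 0]))
```

Running external_syn on ACK_LAN shows the precedence point: a plain ACK from 192.168.1.0/24 matches even though it carries no SYN, because "net 192.168.1.0" is OR-ed onto the whole left-hand side.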