about tcpdump
marcus
marcus.dicotomia at archlinux.com.br
Tue Apr 20 11:49:05 UTC 2010
On Thursday 15 April 2010 22:16:45 Michael Hughes wrote:
> On Thu, 15 Apr 2010 23:37:09 +0300
>
> Yavuz Maşlak <yavuz.maslak at netiletisim.net> wrote:
> > I have a network. I wish to log all incoming and outgoing traffic
> > using tcpdump on my gateway server. But I don't want to log the
> > traffic's data because it takes up too much disk space.
> > I only want to log which ports were used and which IP addresses were
> > reached. How can I do this using tcpdump?
> > Could you give me an example or docs?
> > I use FreeBSD 7.2
>
> Have you thought about using ARGUS (Audit Record Generation and
> Utilization System)?
tcpdump syntax for a specific host:
#tcpdump -i rl0 -n host 10.10.0.1
rl0 = interface
10.10.0.1 = your host
tcpdump syntax for a specific port:
#tcpdump -i rl0 -n port 22
22 = your port
However, your question is more about filtering data using shell scripts than
about tcpdump syntax. If you haven't mastered that, tools such as ARGUS are a good choice.
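The shell-script side that marcus points to, as an added example that is not part of the original thread or of tcpdump itself: a POSIX sh/awk filter that turns tcpdump's text output into one "date time proto src_ip src_port dst_ip dst_port" record per packet and a second function that reduces that to the distinct endpoints reached, which is what the original question asked for. The sample tcpdump lines are constructed for the example, not from a real capture; `rl0` is the interface named in the post, `/var/log/conn.log` is a hypothetical path, and classifying ported non-TCP, non-ICMP lines as UDP is a heuristic, not something tcpdump states.

```shell
#!/bin/sh
# Added example, not code from the post. Live use on the gateway (NOT run here):
#   tcpdump -i rl0 -n -tttt -l -s 96 | summarize_tcpdump >> /var/log/conn.log
# -n  no name resolution   -tttt full timestamps   -l line-buffered for the pipe
# -s 96 header-only snaplen, so payload is never even captured (path is hypothetical)

summarize_tcpdump() {
    awk '
    # Expected input shape (tcpdump -n -tttt):
    #   2010-04-15 23:37:09.123456 IP 10.10.0.5.51234 > 93.184.216.34.80: Flags [S], ...
    # $1 date, $2 time, $3 "IP", $4 src[.port], $5 ">", $6 dst[.port] with trailing ":"
    function split_ep(ep, out,    n, parts) {
        sub(/:$/, "", ep)                        # strip the colon after the dst endpoint
        n = split(ep, parts, ".")
        if (n == 5) {                            # a.b.c.d.port
            out["ip"]   = parts[1] "." parts[2] "." parts[3] "." parts[4]
            out["port"] = parts[5]
        } else {                                 # a.b.c.d with no port (ICMP etc.)
            out["ip"]   = ep
            out["port"] = "-"
        }
    }
    $3 == "IP" && $5 == ">" {                    # IPv4 only; IP6 lines are skipped
        split_ep($4, s); split_ep($6, d)
        if ($0 ~ /Flags \[/)        proto = "tcp"   # every TCP line carries Flags [..]
        else if ($0 ~ /ICMP/)       proto = "icmp"
        else if (s["port"] != "-" && d["port"] != "-")
                                    proto = "udp"   # heuristic: ported, not TCP/ICMP
        else                        proto = "other"
        printf "%s %s %s %s %s %s %s\n", $1, $2, proto, s["ip"], s["port"], d["ip"], d["port"]
    }'
}

# Distinct (proto, dst_ip, dst_port) tuples: "which ports were used, which IPs reached"
reached_endpoints() {
    summarize_tcpdump | awk '{ print $3, $6, $7 }' | sort -u
}

# Constructed sample of tcpdump -n -tttt output (not a real capture)
SAMPLE='2010-04-15 23:37:09.123456 IP 10.10.0.5.51234 > 93.184.216.34.80: Flags [S], seq 1, win 65535, length 0
2010-04-15 23:37:09.223456 IP 93.184.216.34.80 > 10.10.0.5.51234: Flags [S.], seq 1, ack 2, win 65535, length 0
2010-04-15 23:37:10.000001 IP 10.10.0.5.53412 > 8.8.8.8.53: 12345+ A? example.com. (29)
2010-04-15 23:37:11.000001 IP 10.10.0.5 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64'

demo_records()   { printf '%s\n' "$SAMPLE" | summarize_tcpdump; }
demo_endpoints() { printf '%s\n' "$SAMPLE" | reached_endpoints; }

demo_records
echo '---'
demo_endpoints
```

Each record is a fixed-width-free, space-separated line, so `sort | uniq -c` or awk over the fifth and seventh fields gives per-port counts without ever storing packet data; the `-s 96` snaplen keeps the capture itself header-only, so nothing sensitive lands on disk even if the pipe breaks.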
More information about the freebsd-questions mailing list