Or ip proto 47 and ip=30000 when just filtering for the GRE encapsulated frames and then looking for the correct port number, based of the first IP header. x bytes of payload (of the packet of interest)įiltering for destination port 30000 (udp only) would mean pick the two bytes at position 14+20+8+8+14+20 of the frame and compare the value to 30000.tshark -f 'tcp src port 22' -Tfields -e ip.dst Add the IP address (es) to /root/sship in a newline-delimited format. Observe any IP addresses printed after several seconds. 8 bytes UDP header (of the packet of interest) Use a tshark capture filter that prints the IP address of hosts sending traffic to the test workstation on TCP port 22.20 bytes IP header (of the packet of interest).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |