Tcpdump advanced filters

Question

i want ask for command can Get only the IPs have more then 1 connection with different source port

xxx.xxx.xxx.xxx:X | xxx.xxx.xxx.xxx:Y (example)

if IP1 has connection to server with Src Port X and IP1 has another Connection with SourcePort Y

tcpdump will print the IP for as Filter condition

can tcpdump do this or can use another tool ?

check tshark/wireshark – Hrvoje Špoljar Oct 30 '14 at 18:12 — Hrvoje Špoljar, Oct 30 '14 at 18:12

score 1 · Answer 1 · answered Oct 30 '14 at 11:24

1

Probably not, as tcpdump filters are based on each packet as it comes in. To the best of my knowledge, tcpdump does not have any awareness of other packets that have come in and can't base capture/not-capture decisions based on what else has been seen. Filters grab specific packets based on the contents of each packet as it comes in.

You will have to use another analytic tool to find what you're looking for.

answered Oct 30 '14 at 11:24

sysadmin1138

133,124
18
176
300

can you provide me some tools can be function ? – extrem Nov 12 '14 at 23:37
@extrem Unfortunately, I don't know. All of my work is between known endpoints, I haven't had to get familiar with the more sophisticated network monitors. – sysadmin1138 Nov 13 '14 at 00:36

Tcpdump advanced filters

1 Answers1