實用技巧
通用語法
條件語法:
==
!=
>
<
>=
<=
in邏輯語法:
&& # AND
|| # OR
! # NOT常用篩選:
- type: host, port
- dir: src, dst
- proto: tcp, udp, ftp, http
SIP 相關
tcpdump
timeout 6m tcpdump -i eth0 host <sip-trunk-ip> -n -s 0 -vvvv -w carrier.pcapWireshark
- 更多與 sip 有關的 filter 語法:https://www.wireshark.org/docs/dfref/s/sip.html
只顯示 REGISTER 行,Filter: sip.CSeq.method == REGISTER
其他
遠端監聽指令
ssh root@192.168.0.1 tcpdump -n -i any -w- 'not \( port 22 and host 192.168.0.1 \)' |etherape -r-Filter 速查表
For Cybersecurity
