

Example: Filtering a Capture File to Reduce Size

In an earlier example, we used the capinfos command to footprint a capture file. According to the capinfos output, this capture file had over 31,623 frames. We can verify this by reading the network capture with tcpdump and sending the text output to the command wc -l, which will provide a line count. Since tcpdump outputs one packet per line of text output by default, this should give us the number of packets.

Reading from file scenario.pcap, link-type EN10MB (Ethernet)

As expected, we see the output 31263, confirming the capinfos output for the number of frames. This is too many frames to simply scan through by hand, so it will need to be filtered down. For example, we may be interested in HTTP traffic between the IP addresses 192.168.1.1 and 10.10.10.50 from the intrusion investigation scenario. The next example shows how the packet count decreases as we successively add these requirements to a tcpdump filter expression.
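The same funnel, worked as an added example rather than code from the book: a minimal pcap reader counts frames the way "tcpdump -r file | wc -l" does, then applies the host and HTTP requirements one at a time. The capture is constructed inline (the book's scenario.pcap is not available here), so the counts are small; the addresses 192.168.1.1 and 10.10.10.50 are the scenario's.

```python
import socket
import struct

def build_frame(src, dst, proto, sport, dport):
    """Minimal Ethernet/IPv4 frame with a TCP (6) or UDP (17) header skeleton (ports only)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs, EtherType 0x0800 = IPv4
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16  # ports sit first in TCP and UDP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4
def build_pcap(frames):
    """Wrap frames in a classic pcap file: magic 0xA1B2C3D4, link-type 1 = EN10MB."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # ts_sec, ts_usec, incl, orig
    return out
def parse_pcap(data):
    """Yield (src, dst, proto, sport, dport) per frame; all None for non-IPv4 frames."""
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        frame, off = data[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            yield (None,) * 5
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        yield (src, dst, proto) + struct.unpack_from("!HH", frame, 14 + ihl)
def count(data, pred=lambda p: True):
    """The number 'tcpdump -r file <filter> | wc -l' would print: frames matching pred."""
    return sum(1 for p in parse_pcap(data) if pred(p))

A, B = "192.168.1.1", "10.10.10.50"
SAMPLE = build_pcap([                       # constructed capture, not the book's scenario.pcap
    build_frame(A, B, 6, 40000, 80),        # client -> server HTTP
    build_frame(B, A, 6, 80, 40000),        # server -> client HTTP
    build_frame(A, B, 6, 40001, 443),       # same hosts, HTTPS
    build_frame(A, "8.8.8.8", 17, 5353, 53),    # A talking to someone else
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28,  # ARP, never matches an IP filter
])
FILTERS = {  # tcpdump expression -> equivalent predicate over parse_pcap() tuples
    "host 192.168.1.1": lambda p: A in p[:2],
    "host 192.168.1.1 and host 10.10.10.50": lambda p: set(p[:2]) == {A, B},
    "host 192.168.1.1 and host 10.10.10.50 and tcp port 80":
        lambda p: set(p[:2]) == {A, B} and p[2] == 6 and 80 in p[3:5],
}
def funnel(data=SAMPLE):
    """Frame counts as each requirement is added: [unfiltered, host, host pair, + HTTP]."""
    return [count(data)] + [count(data, f) for f in FILTERS.values()]
```

Each entry in funnel() corresponds to one of the tcpdump expressions in FILTERS, so the list shrinks at every step just as the line count from wc -l does on a real capture.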
