Using tcpdump to only capture SYN and FIN packets
Wednesday, May 5, 2010
Sometimes with a network capture, all you want to know is when a session starts and when it finishes. So you don't actually want to capture anything beyond the session start and finish handshakes. Here's how to do it:
tcpdump -w flagdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
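An added example, not part of the original post: a Python reader for a capture written by the tcpdump command on this page, pairing each flow's first SYN with its last FIN. It assumes a little-endian classic pcap file with Ethernet framing and IPv4; the helper names and sample addresses are constructed for illustration.

```python
import socket
import struct
SYN, FIN = 0x02, 0x01  # bits of TCP header byte 13, which pcap filters call tcp[tcpflags]

def frame(src, sport, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame: no payload, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def pcap(records):
    """Wrap (seconds, frame) pairs in a little-endian classic pcap file, linktype 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, data in records:
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def sessions(capture):
    """Map each flow to [first SYN time, last FIN time]; None where none was seen."""
    result, off = {}, 24  # 24 = size of the pcap global header
    while off + 16 <= len(capture):
        ts, _, caplen, _ = struct.unpack_from("<IIII", capture, off)
        pkt = capture[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4  # IP header length varies with options
        if len(pkt) < tcp + 14:
            continue  # truncated before the flags byte
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        flags = pkt[tcp + 13]
        if flags & (SYN | FIN) == 0:
            continue  # the capture filter's test: neither SYN nor FIN set
        ends = (socket.inet_ntoa(pkt[26:30]), sport), (socket.inet_ntoa(pkt[30:34]), dport)
        entry = result.setdefault(tuple(sorted(ends)), [None, None])
        if flags & SYN and entry[0] is None:
            entry[0] = ts
        if flags & FIN:
            entry[1] = ts
    return result

SAMPLE = pcap([  # constructed capture, not real traffic
    (100, frame("10.0.0.5", 40000, "10.0.0.9", 443, 0x02)),  # SYN
    (101, frame("10.0.0.5", 40000, "10.0.0.9", 443, 0x10)),  # ACK only, rejected
    (160, frame("10.0.0.5", 40000, "10.0.0.9", 443, 0x11)),  # FIN+ACK
    (161, frame("10.0.0.9", 443, "10.0.0.5", 40000, 0x11)),  # FIN+ACK
    (200, frame("10.0.0.6", 40001, "10.0.0.9", 22, 0x02)),   # SYN, no FIN follows
])
```

A flow with no end time was either still open when the capture stopped or was closed with RST, which this filter does not match.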
About Me
- regis
- Regis has worked as a network engineer since 1994 for small companies and for large companies.