четверг, 04 октября 2012
exipick - альтернатива exiqgrep
Интересно, как его заставить искать по пустому from. надо разобраться
Интересно, как его заставить искать по пустому from. надо разобраться
среда, 03 октября 2012
На чтение - Грамши
Дела.
1. Если таки заставят
stackoverflow.com/questions/10300656/capture-in...
Копипаста:
or this equivalent formulation:
читать дальше
On my system this resolves to something like:
читать дальше
If you want to see all of the traffic to your destination host, not just TCP protocol traffic you could do:
читать дальше
Some notes:
I changed '$myIpAddress/$myNetworkBytes' to '$MyNetworkAddress/$myNetworkBytes'. This is because the apparent intent of your rule is to exclude traffic from your local network, and the correct way to specify a network address is to specify the network's lowest IP address (which is called the network address) / netmask. If you specify any address other than the lowest address in the range for a network with a netmask of $myNetworkBytes, then you will get the error message:
tcpdump: non-network bits set in "10.0.0.3/24"
In the first example 'tcp' is a keyword in the libpcap expression language (man pcap-filter) , whereas in the second example, 'tcp' is used as a value of 'ip proto'. In order to indicate that the 'tcp' in the second instance is a value and not another 'tcp' keyword, I need to escape the 'tcp' with a double backslash. It has to be a double backslash so that the Bash interpreter will pass a single backslash on to the libpcap interpreter (Bash eats the first backslash, libpcap gets the second.) To reduce the double escape confusion, it might be good to get into the habit of double quoting the entire expression part of the command:
tcpdump -i eth0 "ip proto \tcp and dst host $MyIpAddress and not src net $MyNetworkAddress/$myNetworkBytes"
To avoid warnings and surprises, it is better to use the interface specifier '-i eth0' or whatever interface you wish. Not all interfaces necessarily have an IP address assigned and without being specific, you might see traffic that you hadn't intended to see. This is especially true on systems that have the network-manager running, which seems to have its own mind about what interfaces to add and when.
2. Сравнение дат в ruby. По возможности, распарсить rss-таки
Дела.
1. Если таки заставят
stackoverflow.com/questions/10300656/capture-in...
Копипаста:
or this equivalent formulation:
читать дальше
On my system this resolves to something like:
читать дальше
If you want to see all of the traffic to your destination host, not just TCP protocol traffic you could do:
читать дальше
Some notes:
I changed '$myIpAddress/$myNetworkBytes' to '$MyNetworkAddress/$myNetworkBytes'. This is because the apparent intent of your rule is to exclude traffic from your local network, and the correct way to specify a network address is to specify the network's lowest IP address (which is called the network address) / netmask. If you specify any address other than the lowest address in the range for a network with a netmask of $myNetworkBytes, then you will get the error message:
tcpdump: non-network bits set in "10.0.0.3/24"
In the first example 'tcp' is a keyword in the libpcap expression language (man pcap-filter) , whereas in the second example, 'tcp' is used as a value of 'ip proto'. In order to indicate that the 'tcp' in the second instance is a value and not another 'tcp' keyword, I need to escape the 'tcp' with a double backslash. It has to be a double backslash so that the Bash interpreter will pass a single backslash on to the libpcap interpreter (Bash eats the first backslash, libpcap gets the second.) To reduce the double escape confusion, it might be good to get into the habit of double quoting the entire expression part of the command:
tcpdump -i eth0 "ip proto \tcp and dst host $MyIpAddress and not src net $MyNetworkAddress/$myNetworkBytes"
To avoid warnings and surprises, it is better to use the interface specifier '-i eth0' or whatever interface you wish. Not all interfaces necessarily have an IP address assigned and without being specific, you might see traffic that you hadn't intended to see. This is especially true on systems that have the network-manager running, which seems to have its own mind about what interfaces to add and when.
2. Сравнение дат в ruby. По возможности, распарсить rss-таки