You can supply parameters for Ethernet frame, IP header, TCP/UDP header, cluster heartbeat, and encapsulation. When two MACs (-m), IPs (-i), or ports (-p) are specified, the filter matches packets that contain both. It does not distinguish between source and destination for this purpose.

- VLAN: match by VLAN ID (VID) in the 802.1Q header.
- Data link protocol: can be IPv4, IPv6, ARP, or a protocol number.
- Transport protocol (-t): can be TCP, UDP, ICMP, ICMPv6, or a protocol number. To further filter TCP packets, an optional list of TCP flags to match can be provided. Supported flags are FIN, SYN, RST, PSH, ACK, URG, ECE, and CWR.
- IP address (-i): to match by subnet, use CIDR notation with the prefix length.
- Heartbeat: match RCP heartbeat messages over UDP port 3343.
- Encapsulation: apply the above filtering parameters to both inner and outer encapsulation headers. Supported encapsulation methods are VXLAN, GRE, NVGRE, and IP-in-IP. The custom VXLAN port is optional and defaults to 4789.

The following filter called MySubnet captures traffic on the subnet with mask 255.255.255.0, or /24 in CIDR notation:

    C:\Test> pktmon filter add MySubnet -i 10.10.10.

The following filter called MySmbSyn captures TCP SYN packets of SMB traffic (port 445) to or from 10.10.10.10:

    C:\Test> pktmon filter add MySmbSyn -i 10.10.10.10 -t TCP SYN -p 445

The following filter called MyPing matches ICMP (ping) traffic to or from 10.10.10.10:

    C:\Test> pktmon filter add MyPing -i 10.10.10.10 -t ICMP

The following filter will capture all the SYN packets sent or received by the IP address 10.0.0.10:

    C:\Test> pktmon filter add -i 10.0.0.10 -t tcp syn

The following set of filters will capture any ICMP traffic from or to the IP address 10.0.0.10 along with any traffic on port 53:

    C:\Test> pktmon filter add -i 10.0.0.10 -t icmp
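The matching rules described above, modelled in Python as an added example (not pktmon's own code and not from the original page). The `Packet` and `Filter` classes and the sample packets are constructed for illustration, and the model assumes that every TCP flag listed in a filter must be set on a matching packet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:  # constructed packet summary, not a pktmon structure
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()

@dataclass
class Filter:  # hypothetical model of one "pktmon filter add" entry
    ips: tuple = ()    # one or two addresses or CIDR subnets (-i)
    ports: tuple = ()  # one or two ports (-p)
    proto: str = ""    # transport protocol (-t)
    flags: tuple = ()  # optional TCP flags listed after -t TCP

    def matches(self, pkt):
        addrs = (ip_address(pkt.src), ip_address(pkt.dst))
        # Each listed IP/subnet must be present, as source or as destination.
        for spec in self.ips:
            net = ip_network(spec, strict=False)
            if not any(a in net for a in addrs):
                return False
        if any(p not in (pkt.sport, pkt.dport) for p in self.ports):
            return False
        if self.proto and self.proto.upper() != pkt.proto.upper():
            return False
        # Assumption: every listed TCP flag must be set on the packet.
        return all(f.upper() in pkt.flags for f in self.flags)

def captured(filters, pkt):
    # Separate filters are alternatives: a packet is kept if any one matches.
    return any(f.matches(pkt) for f in filters)

# Constructed sample filters and packets.
MY_SMB_SYN = Filter(ips=("10.10.10.10",), ports=(445,), proto="TCP", flags=("SYN",))
PAIR = Filter(ips=("10.10.10.10", "10.10.10.20"))
SUBNET = Filter(ips=("10.10.10.0/24",))
ICMP_OR_DNS = [Filter(ips=("10.0.0.10",), proto="ICMP"), Filter(ports=(53,))]
SYN = Packet("10.10.10.10", "10.10.10.20", "TCP", 50000, 445, frozenset({"SYN"}))
SYN_ACK = Packet("10.10.10.20", "10.10.10.10", "TCP", 445, 50000, frozenset({"SYN", "ACK"}))
ACK = Packet("10.10.10.10", "10.10.10.20", "TCP", 50000, 445, frozenset({"ACK"}))
DNS = Packet("192.168.1.5", "192.168.1.1", "UDP", 53000, 53)

if __name__ == "__main__":
    for name, pkt in (("SYN", SYN), ("SYN_ACK", SYN_ACK), ("ACK", ACK), ("DNS", DNS)):
        print(name, MY_SMB_SYN.matches(pkt), PAIR.matches(pkt), captured(ICMP_OR_DNS, pkt))
```

Because direction is ignored, a two-address filter keeps both halves of a conversation between those hosts and drops traffic from either host to any third party.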