The everyday things from Thalamus' life.

Thalamus' Blog

28 February, 2013

tcp syn-snooping mixed with perl one-liner

Filed under: ComputerStuff_en — Thalamus @ 14:16

Task: tcpdump the SYN packets on a network, dropping those whose host is named by a pattern.

At work we are now killing the older fast-search servers, and the task was to snoop the network for traffic that might still be using them. We didn't care about traffic coming from the other fast servers, and luckily they all had DNS records, so the solution was a nice mix of tcpdump and a perl one-liner.

tcpdump -l -s0 'tcp[tcpflags] = tcp-syn' | perl -ne 'print if ! m/IP fast\d{1,2}/'

The filter is quoted so the shell does not treat tcp[tcpflags] as a glob, and -l makes tcpdump line-buffered so each SYN reaches perl as it is seen instead of in block-sized chunks. tcp[tcpflags] = tcp-syn matches packets with only the SYN bit set, so SYN-ACKs are not reported; the filter also relies on tcpdump's reverse-DNS resolution, so do not add -n.

So, the log …

13:01:59.283862 IP ec2-46-51-173-25.eu-west-1.compute.amazonaws.com.44607 > fast8.nb.no.ssh: S ........

A line is dropped if the first hostname (the SYN's source) matches the pattern, e.g. fast6, fast11 … etc.; everything else is printed. Note that /IP fast\d{1,2}/ is not anchored at the end, so a source like fast123 would also be dropped; add \. after the digits if the naming scheme makes that matter.
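The same filter as a shell function that can be exercised offline, added here as an example and not code from the original post. It uses grep -E instead of perl so it runs wherever tcpdump does, anchors the pattern so fast123 is not mistaken for a fastNN host, and runs over constructed tcpdump lines; the fastNN naming and the sample hosts are assumptions.

```shell
# Added example, not from the original post. Drops SYN lines whose
# *source* host (the first hostname after "IP ") is named fastNN.
# grep -E replaces the post's perl so it runs without perl; the
# trailing "\." means fast123 or fastest are kept, unlike the looser
# /IP fast\d{1,2}/ of the original one-liner.
drop_fast_sources() {
    grep -Ev ' IP fast[0-9]{1,2}\.'
}

# Constructed sample output in tcpdump's default format; the hosts and
# ports are made up for this example.
sample_log() {
    cat <<'EOF'
13:01:59.283862 IP ec2-46-51-173-25.eu-west-1.compute.amazonaws.com.44607 > fast8.nb.no.ssh: S 1:1(0) win 5840
13:02:00.100000 IP fast6.nb.no.51234 > fast8.nb.no.http: S 2:2(0) win 5840
13:02:01.200000 IP fast11.nb.no.51235 > fast9.nb.no.http: S 3:3(0) win 5840
13:02:02.300000 IP fast123.nb.no.51236 > fast9.nb.no.http: S 4:4(0) win 5840
13:02:03.400000 IP client.example.net.40000 > fast9.nb.no.http: S 5:5(0) win 5840
EOF
}

# Number of lines that survive the filter: the ec2 client, fast123
# (not a fastNN name) and client.example.net, i.e. 3.
count_surviving() {
    sample_log | drop_fast_sources | wc -l | tr -d ' '
}

# Live use (needs root). -l keeps tcpdump line-buffered so lines reach
# the filter as they are captured, and the BPF filter is quoted so the
# shell does not expand tcp[tcpflags] as a glob pattern.
# tcpdump -l -s0 'tcp[tcpflags] = tcp-syn' | drop_fast_sources
```

Run it as sample_log | drop_fast_sources to see which of the five constructed lines survive; only the two fast6/fast11 sources are dropped.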

• • •