Be quiet, look only at tcp packets with either source or dest port 80 on interface eth1, look for anything matching 'www'.
ngrep -qd eth1 'www' tcp port 80
Look at all packets with either source or dest port 53 on interface le0 that match 'in-addr'. Be quiet.
ngrep -qd le0 in-addr port 53
Look only at tcp packets with either source or dest port 21, look for anything resembling an FTP login.
ngrep 'USER|PASS' tcp port 21
Look at tcp packets with either source or dest port 21, that match either 'user' or 'pass' (case insensitively) as a word.
ngrep -wi 'user|pass' tcp port 21
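The difference between the last two patterns is easiest to see on sample text. The following is an added example, not part of the original post: it uses grep -E over constructed FTP control-channel lines as an offline stand-in for ngrep's payload matching, on the assumption that grep's -i and -w behave like the ngrep options of the same name. The function names and sample lines are made up for the illustration.

```shell
#!/usr/bin/env bash
# Constructed FTP control-channel lines (sample data, not captured traffic).
sample_lines() {
  cat <<'EOF'
220 FTP server ready
USER alice
331 Password required for alice
PASS example-secret
user bob
pass another-example
227 Entering Passive Mode (192,0,2,10,19,137)
230 User alice logged in
EOF
}

# Stand-in for: ngrep 'USER|PASS' tcp port 21
# Case-sensitive substring match: misses the lowercase "user bob" / "pass ..."
# commands, which FTP servers accept because commands are case-insensitive.
count_case_sensitive() { sample_lines | grep -cE 'USER|PASS'; }

# Stand-in for: ngrep -i 'user|pass' tcp port 21
# Case-insensitive substring match: catches lowercase commands but also
# "Password", "Passive" and "User" in server replies.
count_insensitive() { sample_lines | grep -ciE 'user|pass'; }

# Stand-in for: ngrep -wi 'user|pass' tcp port 21
# Case-insensitive whole-word match: drops "Password" and "Passive",
# still matches the "230 User alice logged in" reply.
count_word_insensitive() { sample_lines | grep -cwiE 'user|pass'; }

echo "'USER|PASS'      matches $(count_case_sensitive) lines"
echo "-i 'user|pass'   matches $(count_insensitive) lines"
echo "-wi 'user|pass'  matches $(count_word_insensitive) lines"
```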