Shows a list of the top 10 Source IP-addresses that starts a new TCP connection (SYN).
# tcpdump -nnt -i Lan1 "tcp[tcpflags] & (tcp-syn) != 0" and "tcp[tcpflags] & (tcp-ack) == 0" >/var/log/tmp/lan1_syn.txt
# awk '{print $2}' /var/log/tmp/lan1_syn.txt | sed 's/.[^.]*$//'| sort -n | uniq -c | sort -n | tail -n10
No comments:
Post a Comment