28 Mar
2018
28 Mar
'18
5:43 p.m.
All these should be good now, I've check the
upgrade and it's on the newest
code. Please let me know if you see anything else.
I'll run another scan (actually: a trace) tonight.
It has to run for about 8-10 hours to catch everything, it appears.
I just trace for SYN to port 8291 and get the source addresses. Unfortunately it cannot
be done using a simple
tshark -i eth0 -f "tcp dst port 8291"
because tshark collects session state information and its memory use balloons under
the millions of session open attempts it sees.
So I use:
while true
do
tshark -i eth0 -f "tcp dst port 8291" -c 20000 | fgrep '[SYN]' |
sed -e 's/ ->.*//' -e 's/.* //' >>/tmp/syn8291
done
Of course it would also be possible to limit it to AMPRnet:
tshark -i eth0 -f "tcp dst port 8291 and src net 44.0.0.0/8"
Rob