A central syslog and firewalled 8291 ports with
logging would be a better solution imho :)
Grep seems less of a strain than tshark and would be quicker I imagine
If you would want to do this permanently, yes. But this is only something I would run maybe for 3-4 days and then be bored.
First night I did the tshark logging without the postprocessing (so file gets the 1-line-per-packet trace info) and it collected 500MB in a single night. Maybe you don't want that all in the syslog...
Now I keep only the source addresses,
Rob
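The post-processing step described above (capturing the port 8291 traffic with tshark, then keeping only the source addresses instead of the full one-line-per-packet trace) can be done with a short awk/sort pipeline. The script below is an added example and not Rob's own script; the interface name in the capture comment and the sample trace lines are assumptions constructed for illustration, and the sample uses documentation addresses rather than real captured data.

```shell
#!/bin/sh
# Added example: reduce a tshark one-line-per-packet trace of port 8291
# traffic to a count per source address, so the log stays small.
#
# Capture side (not run here; the interface name "eth0" is an assumption):
#   tshark -i eth0 -f 'tcp dst port 8291' \
#          -T fields -e frame.time_epoch -e ip.src -e tcp.dstport > winbox.log
# That produces tab-separated lines: <epoch time> <source ip> <dst port>.

# sample_trace: constructed stand-in for the tshark field output above
# (not real captured data), emitted as tab-separated lines.
sample_trace() {
    printf '%s\t%s\t%s\n' \
        1700000000.001 192.0.2.10   8291 \
        1700000000.002 192.0.2.10   8291 \
        1700000000.003 198.51.100.7 8291 \
        1700000000.004 192.0.2.10   8291 \
        1700000000.005 203.0.113.5  8291
}

# count_sources: stdin = tshark field lines (time, src, dstport),
# stdout = "<count> <source ip>" lines, busiest source first.
# Only lines whose destination port is 8291 are counted, so stray
# packets that slipped past the capture filter are ignored.
count_sources() {
    awk -F'\t' 'NF >= 3 && $3 == "8291" { n[$2]++ }
                END { for (s in n) printf "%d %s\n", n[s], s }' |
    sort -rn
}

# top_source: the single source address with the most packets.
top_source() {
    count_sources | head -n 1 | awk '{ print $2 }'
}

# Stand-alone run: summarise the constructed sample.
sample_trace | count_sources
```

Feeding the real `winbox.log` through `count_sources` instead of `sample_trace` gives the per-source summary; the summary is what is worth forwarding to a central syslog, since it stays a few lines per day instead of hundreds of megabytes.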