{"id":28,"date":"2012-02-19T15:53:10","date_gmt":"2012-02-19T14:53:10","guid":{"rendered":"http:\/\/blog.jeremm.fr\/?p=28"},"modified":"2014-09-24T22:15:44","modified_gmt":"2014-09-24T20:15:44","slug":"commandes-tcpdump-et-netstat","status":"publish","type":"post","link":"https:\/\/blog.jeremm.fr\/?p=28","title":{"rendered":"tcpdump and netstat commands"},"content":{"rendered":"<h4>TCPDUMP<\/h4>\n<p>Everything except SSH:<\/p>\n<pre lang=\"bash\">tcpdump -n port not 22<\/pre>\n<p>Everything except my own host:<\/p>\n<pre lang=\"bash\">tcpdump -n host not &lt;IP&gt;<\/pre>\n<p>SYN and SYN-ACK packets on port 80 (any segment with the SYN flag set):<\/p>\n<pre lang=\"bash\">tcpdump -n tcp and port 80 and 'tcp[tcpflags] &amp; tcp-syn == tcp-syn'<\/pre>\n<p>SYN-only packets on port 80 (no other flag set):<\/p>\n<pre lang=\"bash\">tcpdump -n tcp and port 80 and 'tcp[tcpflags] == tcp-syn'<\/pre>\n<p>ARP or ping (ICMP) packets:<\/p>\n<pre lang=\"bash\">tcpdump -enqti eth0 \\( arp or icmp \\)<\/pre>\n<h4>NETSTAT<\/h4>\n<p>Number of connections on port 80, per remote IP address:<\/p>\n<pre lang=\"bash\">netstat -nt | grep \":80 \" | awk '{print $5}' | cut -d':' -f1 | sort | uniq -c<\/pre>\n<p>Listening ports:<\/p>\n<pre lang=\"bash\">netstat -tulpn<\/pre>\n<p>Number of TCP connections (the count includes netstat's two header lines):<\/p>\n<pre lang=\"bash\">netstat -nt | wc -l<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>TCPDUMP Everything except SSH: tcpdump -n port not 22 Everything except my own host: tcpdump -n host not &lt;IP&gt; SYN and SYN-ACK packets on port 80: tcpdump -n tcp and port 80 and &lsquo;tcp[tcpflags] &#038; tcp-syn == tcp-syn&rsquo; SYN-only packets on port 80: tcpdump -n tcp and port 80 <a href='https:\/\/blog.jeremm.fr\/?p=28' 
class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,4],"tags":[29,28],"_links":{"self":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/28"}],"collection":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=28"}],"version-history":[{"count":18,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/28\/revisions"}],"predecessor-version":[{"id":942,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/28\/revisions\/942"}],"wp:attachment":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}