[root@mail 26]# ls
nfcapd.201512261440 nfcapd.201512261445 nfcapd.201512261450 nfcapd.201512261455
List Flows:
nfdump -r nfcapd.201512261440 -c 10
Create TopN Statistics Packets/Bytes:
nfdump -r nfcapd.201512261440 -n 10 -s record/bytes
nfdump -r nfcapd.201512261440 -n 10 -s record/packets
Create TopN statistics IP addresses, Ports:
nfdump -r nfcapd.201512261440 -n 10 -s dstport
nfdump -r nfcapd.201512261440 -n 10 -s srcip
List the first 20 tcp flows:
nfdump -r nfcapd.201512261440 -c 20 'proto tcp'
Show the top 15 IP addresses consuming most bandwidth:
nfdump -r nfcapd.201512261440 -n 15 -s ip/bps
Show port scanning candidates:
nfdump -r nfcapd.201512261440 -A srcip,dstport -s record/packets 'not proto icmp and bytes < 100 and bpp < 100 and packets < 5 and not port 80 and not port 53 and not port 110 and not port 123'
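As an added example (not part of the original post), the port-scanning filter above re-expressed in Python over constructed flow records, so that the filter terms, the -A srcip,dstport aggregation and the -s record/packets ranking can be seen working; it also counts distinct destination ports per source, which the nfdump command itself does not show. The record field names are an assumption for illustration, not nfdump's output format.

```python
from collections import defaultdict

# Ports the filter on this page excludes as ordinary traffic (80, 53, 110, 123).
EXCLUDED_PORTS = {80, 53, 110, 123}

# Constructed sample flows (not real nfdump output); field names are assumed.
SAMPLE_FLOWS = [
    {"srcip": "10.0.0.5", "srcport": 40001, "dstport": 22, "proto": "tcp", "packets": 1, "bytes": 60},
    {"srcip": "10.0.0.5", "srcport": 40002, "dstport": 22, "proto": "tcp", "packets": 1, "bytes": 60},
    {"srcip": "10.0.0.5", "srcport": 40003, "dstport": 445, "proto": "tcp", "packets": 2, "bytes": 120},  # bytes >= 100: dropped
    {"srcip": "10.0.0.5", "srcport": 40004, "dstport": 3389, "proto": "tcp", "packets": 1, "bytes": 60},
    {"srcip": "10.0.0.9", "srcport": 50001, "dstport": 80, "proto": "tcp", "packets": 3, "bytes": 90},  # port 80: dropped
    {"srcip": "10.0.0.9", "srcport": 0, "dstport": 0, "proto": "icmp", "packets": 1, "bytes": 64},  # icmp: dropped
    {"srcip": "10.0.0.7", "srcport": 50002, "dstport": 443, "proto": "tcp", "packets": 40, "bytes": 5000},  # normal session
]


def matches_filter(flow):
    """Equivalent of the nfdump filter: not proto icmp and bytes < 100 and
    bpp < 100 and packets < 5 and not port 80/53/110/123 (either direction)."""
    bpp = flow["bytes"] / flow["packets"] if flow["packets"] else 0
    return (flow["proto"] != "icmp"
            and flow["bytes"] < 100
            and bpp < 100
            and flow["packets"] < 5
            and flow["srcport"] not in EXCLUDED_PORTS
            and flow["dstport"] not in EXCLUDED_PORTS)


def scan_candidates(flows, top_n=10):
    """Aggregate matching flows by (srcip, dstport) and rank by packets, as
    -A srcip,dstport -s record/packets does. Returns [((srcip, dstport), packets, flows)]."""
    agg = defaultdict(lambda: {"packets": 0, "flows": 0})
    for f in flows:
        if matches_filter(f):
            key = (f["srcip"], f["dstport"])
            agg[key]["packets"] += f["packets"]
            agg[key]["flows"] += 1
    ranked = sorted(agg.items(), key=lambda kv: kv[1]["packets"], reverse=True)
    return [(k, v["packets"], v["flows"]) for k, v in ranked[:top_n]]


def ports_touched(flows):
    """Distinct destination ports per source among matching flows; a high
    count is the scanner signature that the per-port aggregation above hides."""
    seen = defaultdict(set)
    for f in flows:
        if matches_filter(f):
            seen[f["srcip"]].add(f["dstport"])
    return {ip: len(ports) for ip, ports in seen.items()}
```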
Show the top 15 /24 subnets exchanging most traffic: