Reputation: 1038
My current tcpdump operation logs all requests on the HTTP port on a certain interface:
tcpdump -i eth0 -C 100 -W 100 -w traffic port http
The problem is that, at this point, tcpdump is collecting all requests (even those with sensitive information from my login page). At this point I have to egrep through my tcpdump files and egrep those files to put them out. Is there any way to integrate searching for certain text values in my requests and, if they're present, to not log those requests to file?
Upvotes: 0
Views: 826
Reputation: 7959
You could use tshark (the CLI created by Wireshark) instead of tcpdump; it allows you to run Lua scripts.
It's a rather advanced topic, but worth investigating. You can take a look at:
https://wiki.wireshark.org/Lua/Examples
IMHO you should not solve this problem with regex; you are better off blurring sensitive information (print ****) instead of removing it completely.
Also, chances are that sensitive information is being posted to an endpoint like /login, and because tshark parses the HTTP protocol, in your Lua script you could make decisions based on the path field.
Upvotes: 1
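The approach the answer sketches, as an added example that is not part of the original answer or of the Wireshark project: a tshark Lua listener that taps each HTTP request, reads the request path, and prints the body redacted to **** whenever the path starts with /login (assumed to be the login endpoint; adjust the prefix to match your application). It uses the standard Wireshark Lua API (Field.new, Listener.new) and the http.request.method, http.request.uri and http.file_data fields, which exist in current Wireshark releases; the output format and the redact_body helper are this example's own choices.

```lua
-- redact_login.lua: run with
--   tshark -i eth0 -q -X lua_script:redact_login.lua
-- or, against an existing capture,
--   tshark -r traffic.pcap -q -X lua_script:redact_login.lua
--
-- Field extractors must be created while the script loads, before any
-- packet is dissected; calling them later returns the field's value.
local method_f = Field.new("http.request.method")
local uri_f    = Field.new("http.request.uri")
local body_f   = Field.new("http.file_data")

-- Assumed: the form posts credentials to a path under /login.
local SENSITIVE_PREFIX = "/login"

-- Decide what to show for a request body. Requests to the sensitive
-- endpoint are masked rather than dropped, so the request is still
-- visible in the log but the credentials never reach disk.
local function redact_body(path, body)
  if path:sub(1, #SENSITIVE_PREFIX) == SENSITIVE_PREFIX then
    return "****"
  end
  return body or ""
end

-- Tap only packets that carry an HTTP request.
local tap = Listener.new("http", "http.request")

function tap.packet(pinfo, tvb)
  local uri = uri_f()
  if not uri then return end              -- no request URI in this packet
  local method = method_f()
  local body   = body_f()
  local path   = tostring(uri)
  print(string.format("%s %s %s %s",
    tostring(pinfo.abs_ts),
    method and tostring(method) or "?",
    path,
    redact_body(path, body and tostring(body) or nil)))
end

-- Called once when tshark finishes; useful for a summary in batch runs.
function tap.draw()
  io.stdout:flush()
end
```

Two caveats worth knowing before relying on this. A Lua listener only observes dissected packets; it does not change what tshark writes with -w, so redaction happens in the script's own output (here, stdout), not in a pcap. And a POST body that spans several TCP segments is only visible to the tap once reassembly has completed, which is why the script reads http.file_data rather than raw TCP payload.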