AzizAhmad
Reputation: 647
tcpdump get unique IPs requesting on specific port
I want to dump unique IPs that are requesting on specific port(10301 for example). I've used command below:
sudo tcpdump port 10301 -nn -q ip -l | awk '{ ip = gensub(/([0-9]+.[0-9]+.[0-9]+.[0-9]+)(.*)/,"\\1","g",$3); if(!d[ip]) { print ip; d[ip]=1; fflush(stdout) } }'
derived from this link. but I'm getting this error:
tcpdump: syntax error
output without port 10301 in the command:
5.22.96.170
100.116.219.232
100.123.221.113
172.17.108.177
100.120.83.187
100.123.95.221
Upvotes: 1
Views: 1439
Answers (1)
lojza
Reputation: 1891
I'm affraid you're mixing options and expressions of tcpdump, please check man tcpdump and try:
sudo tcpdump -nn -q -l ip and port 80 | awk '{ ip = gensub(/([0-9]+.[0-9]+.[0-9]+.[0-9]+)(.*)/,"\\1","g",$3); if(!d[ip]) { print ip; d[ip]=1; fflush(stdout) } }'
Upvotes: 2
Related Questions
- Extract unique IPs from live tcpdump capture
- How can I dump only outgoing IP packets in tcpdump?
- Monitoring multiple ports in tcpdump
- tcpdump - resolve IP and skip resolving ports
- How to count number of packets received from a specific host?
- How can i extract only the destination ports from a TCPDUMP file
- TCPDump output with no time stamps and IP and ports only
- about tcpdump option - Get IP and protocol name
- How to print IP address using tcpdump and awk?
- tcpdump: Output only source and destination addresses