Argus/TCPDump/Tshark Date real time

gistfile1.txt

~ apt install tcpdump
~ apt install argus-client


 ~tcpdump -nn -s0 -rYourdump.pcap -w - |argus -r - -AZJmR -w - |ra -n -Zb -L10 -r - -s +dur +synack +ackdat +swin +dwin +rate +ĺoad +tcprtt +loss +runtime +retrans +sgap +dgap - tcp |xargs -d$'\n' -L1 sh -c 'date "+%d.%m.%Y %T $0"'
 
 

#tshark -rsc.cap -Eseparator=, -Tfields -eip.src -etcp.flags.str -eip.dst -etcp.dstport |grep -v ",," |sed 's/"//g;s/[//;s/]//' | sed 's/ /,/g;s/,/:/3' |sed '1i Origen,Flag,Destino,Cant' | ... |jq ' group_by(.Origen)[] | {(.[0].Origen): [.[] | .Destino]}'

tcpdump/argus printer HEX 'potito mode'

tcpdump -nnrmalspam.pcap -s0 -w - |argus -r - -AZJmRU 1024 -w - |ra -L1 -c' ' -n -Zb -r - -Mprinter="hex" -s +dur +rate +ĺoad +runtime +loss +bytes +sbytes +dbytes +appbytes +suser:750 +duser:750 ..