8.22.2009

NSM: Top 10s with Argus!

:: Top 10 web servers: ra -nn -r [argus_file] -s daddr - tcp and dst port 80 | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 FTP servers: ra -nn -r [argus_file] -s daddr - tcp and dst port 21 | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 SMTP servers: ra -nn -r [argus_file] -s daddr - tcp and dst port 25 | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 SMTP clients: ra -nn -r [argus_file] -s saddr - tcp and dst port 25 | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 protocols: ra -n -r [argus_file] -s proto | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 TCP ports: ra -nn -r [argus_file] -s dport - tcp | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 UDP ports: ra -nn -r [argus_file] -s dport - udp | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10 
:: Top 10 source (client) IPs: ra -nn -r [argus_file] -s saddr - not arp | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 destination (server) IPs: ra -nn -r [argus_file] -s daddr - not arp | awk '{print$1}' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 host-pairs: ra -nn -r [argus_file] -s proto saddr dir daddr | grep -v man | awk '{print$2$3$4}' | sort | uniq -c | sort -nr | head -n 10
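The same tally pipeline generalised, as an added example (not from the original post): one `ra` pull with several fields, then `tally_top` counts whichever column you want, and management records are filtered the way the host-pair one-liner does. The sample records are constructed to resemble `ra -nn -s proto saddr dir daddr dport` output; the addresses are hypothetical.

```sh
#!/bin/sh
# tally_top COL N: count distinct values of column COL on stdin, print top N.
# This is the post's awk|sort|uniq -c|sort -nr|head pipeline with the column
# as a parameter (default N=10).
tally_top() {
    awk -v col="$1" '{print $col}' | sort | uniq -c | sort -nr | head -n "${2:-10}"
}

# Constructed sample of what
#   ra -nn -r argus.out -s proto saddr dir daddr dport - not arp
# prints: proto, source, direction, destination, destination port.
SAMPLE='tcp 192.0.2.10 -> 198.51.100.5 80
tcp 192.0.2.11 -> 198.51.100.5 80
tcp 192.0.2.11 -> 198.51.100.7 443
tcp 192.0.2.11 -> 198.51.100.5 25
udp 192.0.2.12 -> 198.51.100.9 53
man 0.0.0.0 -> 0.0.0.0 0'

# Drop argus management records (proto "man"), as the host-pair one-liner
# does with grep -v man, so they never show up as a "host".
flows() { printf '%s\n' "$SAMPLE" | grep -v '^man '; }

# Each "top 10" is just a different column of the same record set.
top_servers() { flows | tally_top 4 "$1"; }   # daddr
top_clients() { flows | tally_top 2 "$1"; }   # saddr
top_ports()   { flows | tally_top 5 "$1"; }   # dport

# Host-pairs: keep saddr, dir and daddr together (space-separated here,
# where the post concatenates them with $2$3$4).
top_pairs() {
    flows | awk '{print $2, $3, $4}' | sort | uniq -c | sort -nr | head -n "${1:-10}"
}

# With argus installed, replace SAMPLE by the real records, e.g.:
#   ra -nn -r argus.out -s proto saddr dir daddr dport - not arp | tally_top 4
```

Ties in the count are broken by `sort -nr` on the whole line, so equal-count hosts come out in reverse lexical order, not in any traffic-meaningful one.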
