Counting non RST packets?

Question

It is possible to count connections who do not respond with RST flag set in connection initiated ? I am interested to log IP, MAC and TTL.

score 1 · Answer 1 · edited Mar 20 '17 at 10:17

1

It should be possible using standard tools such as tcpdump.

See this reply to another question. It provides an example of processing tcpdump output in real time using a scripting language. I believe that could be extended to do what you want. Substitute your favourite scripting language.

edited Mar 20 '17 at 10:17

Community

1

answered Mar 12 '12 at 13:24

RedGrittyBrick

81,981
20
135
205

I want to **pairing** in real time one-to-one syn packets (who began a connection) with ACK packets. In this way I want to know IP, MAC and TTL for syn-flood connections. Also, I want to pairing packets with ACK set incorrectly with RST packets. And I have no idea how to ... – georgian Mar 14 '12 at 07:45

Counting non RST packets?

1 Answers1