|
On Thu, Aug 09, 2001 at 06:42:40PM -0700, Peter Mueller wrote:
> thanks Horms,
>
> is there a tcpdump command that you guys recommend? perhaps just syn
> requests?
This is definatley getting into the realms of a hack but the following
should show you the start of all sessions:
tcpdump -p -i eth0 -n 'tcp[13] == 2' and dst port 80 and dst host 192.168.7.1
Where:
-p: Turn off promiscuous mode. You shouldn't need promiscous mode
as the packets are coming into the machine anyway.
tcp[13] == 2: Match only packets that only have they SYN bit set.
eth0: The interface that your VIP is on.
80: The port for your Virtual Service
192.168.7.1: The VIP
--
Horms
|
