WIRESHARK

JUST HTTP

!( tcp.port == 389) and !( tcp.port == 11211) and !( tcp.port == 1521) and !ssh and !dlm3 and !(ip.src == 139.230.244.128) and !(ip.src == 10.67.124.6) and !(ip.dst == 10.67.124.6)

tcp.port == 80 and !(ip.dst == 10.31.66.91) and !(ip.src == 10.31.66.91) and !(ip.src == 10.67.124.6) and !(ip.dst == 10.67.124.6) and !(ip.src == 10.67.124.8) and !(ip.dst == 10.67.124.8)

!( tcp.port == 1521)

http and ip.dst == 10.1.122.0/24 and ip.src == 10.1.122.0/24
http and ip.dst == 10.67.124.0/24 and ip.src == 10.67.124.0/24

ip.src == 10.31.66.91 or ip.dst == 10.31.66.91 and http

http and ip.dst != 139.230.244.129 and ip.src != 139.230.244.129 and ip.dst != 139.230.80.11 and ip.src != 139.230.80.11

# tcpdump -nnvvXSs 0 -i eth0 tcp -w /tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap

# tcpdump -nnvvXSs 0 -i lo tcp and src 10.1.122.131 -w /tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap

# tcpdump -nnvvXSs 0 -i eth0 tcp and src net 10.31.71.0/24 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap

# tcpdump -nnvvXSs 0 tcp and dst 139.230.80.11 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap
# tcpdump -nnvvXSs 0 tcp and src 10.1.122.6 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap
# tcpdump -nnvvXSs 0 tcp and dst 10.1.122.8 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap