WIRESHARK
JUST HTTP
NOT THIS AND NOT THAT AND NOT THAT EITHER
!( tcp.port == 389) and !( tcp.port == 11211) and !( tcp.port == 1521) and !ssh and !dlm3 and !(ip.src == 139.230.244.128) and !(ip.src == 10.67.124.6) and !(ip.dst == 10.67.124.6)
NOT ME OR APP SWITCH
tcp.port == 80 and !(ip.dst == 10.31.66.91) and !(ip.src == 10.31.66.91) and !(ip.src == 10.67.124.6) and !(ip.dst == 10.67.124.6) and !(ip.src == 10.67.124.8) and !(ip.dst == 10.67.124.8)
NOT PORT X
!( tcp.port == 1521)
APP SWITCH CONNECTIONS - DEPENDS ON CAMPUS LOCATION OF REAL SERVER
http and ip.dst == 10.1.122.0/24 and ip.src == 10.1.122.0/24 http and ip.dst == 10.67.124.0/24 and ip.src == 10.67.124.0/24
HD8001090 HTTP
ip.src == 10.31.66.91 or ip.dst == 10.31.66.91 and http
QA EXCLUDING MONITORING
http and ip.dst != 139.230.244.129 and ip.src != 139.230.244.129 and ip.dst != 139.230.80.11 and ip.src != 139.230.80.11
DUMP ETH0 REQUESTS
# tcpdump -nnvvXSs 0 -i eth0 tcp -w /tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap
DUMP LOCAL REQUESTS
# tcpdump -nnvvXSs 0 -i lo tcp and src 10.1.122.131 -w /tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap
DUMP ETH0 REQUESTS FROM IP RANGE
# tcpdump -nnvvXSs 0 -i eth0 tcp and src net 10.31.71.0/24 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap
DUMP SNMP MONITOR SESSION - NOTE: FILENAME EXT IS IMPORTANT FOR WIRESHARK ON WINDOWS
# tcpdump -nnvvXSs 0 tcp and dst 139.230.80.11 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap # tcpdump -nnvvXSs 0 tcp and src 10.1.122.6 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap # tcpdump -nnvvXSs 0 tcp and dst 10.1.122.8 -w /app/wcms.ecu/tmp/`hostname`_tcpdump_`date +%Y-%m-%dT%H-%M-%S`.pcap