Friday, April 11, 2008

Packet capture - SYN packets only

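To capture only SYN packets (i.e. packets trying to initiate a session), you can use the following CLI command. Here "internal" is the interface to sniff on, and the filter matches packets whose TCP flags byte (offset 13 in the TCP header) equals 2, meaning SYN is the only flag set.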

diag sniffer packet internal 'tcp[13] == 2'

This can be useful when you are trying to investigate suspicious activity on the network.
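What the filter does and does not match, as an added example that is not part of the original post: the Python below applies the same test as tcp[13] == 2 to constructed 20-byte TCP headers and compares it with a masked test (SYN set, ACK clear). The masked expression, the helper names and the sample headers are assumptions made for illustration.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header
FIN, SYN, ACK, ECE, CWR = 0x01, 0x02, 0x10, 0x40, 0x80


def tcp_header(flags, sport=40000, dport=443):
    """Build a constructed 20-byte TCP header (no options) carrying `flags`."""
    data_offset = 5 << 4  # header length of 5 32-bit words, stored in byte 12
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                       data_offset, flags, 65535, 0, 0)


def exact_syn(hdr):
    """Same test as the post's filter: tcp[13] == 2 (SYN and nothing else)."""
    return hdr[13] == 2


def masked_syn(hdr):
    """Alternative (not from the post): SYN set and ACK clear, other bits ignored.
    In pcap-style filter syntax this would read: tcp[13] & 0x12 == 0x02"""
    return (hdr[13] & (SYN | ACK)) == SYN


# Constructed sample headers, one per flag combination of interest
SAMPLES = {
    "plain SYN": tcp_header(SYN),
    "SYN-ACK": tcp_header(SYN | ACK),
    "ECN-setup SYN (SYN+ECE+CWR)": tcp_header(SYN | ECE | CWR),
    "SYN+FIN (invalid combination)": tcp_header(SYN | FIN),
    "plain ACK": tcp_header(ACK),
}


def classify():
    """Return {sample name: (exact match, masked match)}."""
    return {name: (exact_syn(h), masked_syn(h)) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, (exact, masked) in classify().items():
        print(f"{name:32} tcp[13]==2: {exact!s:5}  masked: {masked}")
```

The exact comparison skips connection attempts that carry extra flag bits, such as ECN-setup SYNs, so a capture taken with it can under-count session initiations from hosts with ECN enabled.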
