[netsa-tools-discuss] Using rwfilter --flags-initial to filter servers and clients addresses

asad a.alii85 at gmail.com
Mon Oct 26 04:43:15 EDT 2015


Hello,

I'm processing Nexus 7k logs, and on 1 VLAN I have tried to filter
all those IP addresses that are responsible for initial query
(handshake). My cmd and results look like

"rwfilter  --sensor=S1 --type=int2int  --start-date=2015/10/15
--end-date=2015/10/23 --flags-initial=S/SA --print-statistics
--pass=query.rw
Files   216.  Read      35403.  Pass          0. Fail       35403."

If the filter is correct, it means I don't have a client in my VLAN
all are servers? Can this query be converted to identity list of source
IP addresses which requested connection to the servers in specific
VLAN?

Thanks.
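
How a HIGH/MASK flag test such as S/SA picks out connection initiators and turns them into a list of source addresses, as an added example that is not part of the original post and is not SiLK code. The flow records, the field names `init` and `all`, and the record with empty first-packet flags are constructed assumptions.

```python
# Added example: models the HIGH/MASK test behind --flags-initial=S/SA.
# All flow records below are constructed sample data, not from the post.
from collections import Counter

TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "C": 0x80}

def parse_flags(letters):
    """Turn a flag string such as 'SA' into a bitmask ('' means no flags)."""
    bits = 0
    for ch in letters.upper():
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAGS[ch]
    return bits

def parse_high_mask(spec):
    """Split 'HIGH/MASK' into two bitmasks."""
    high_s, sep, mask_s = spec.partition("/")
    if not sep:
        raise ValueError("expected HIGH/MASK, e.g. S/SA")
    return parse_flags(high_s), parse_flags(mask_s)

def matches(flags, spec):
    """True when, of the flags named in MASK, exactly those in HIGH are set."""
    high, mask = parse_high_mask(spec)
    return (flags & mask) == high

def initiators(flows, spec="S/SA"):
    """Count flows per source IP whose first-packet flags match spec."""
    hits = Counter()
    for f in flows:
        # TCP flags are only meaningful for protocol 6.
        if f["proto"] == 6 and matches(parse_flags(f["init"]), spec):
            hits[f["sip"]] += 1
    return hits

# Constructed flows: 'init' = first-packet flags, 'all' = flags seen on any packet.
FLOWS = [
    {"sip": "10.1.1.20", "dip": "10.1.1.5",  "proto": 6,  "init": "S",  "all": "SAPF"},  # client side
    {"sip": "10.1.1.5",  "dip": "10.1.1.20", "proto": 6,  "init": "SA", "all": "SAPF"},  # server reply
    {"sip": "10.1.1.21", "dip": "10.1.1.5",  "proto": 6,  "init": "S",  "all": "SR"},    # refused attempt
    # Assumption: a record stored without first-packet flags can never match S/SA.
    {"sip": "10.1.1.22", "dip": "10.1.1.5",  "proto": 6,  "init": "",   "all": "SAPF"},
    {"sip": "10.1.1.23", "dip": "10.1.1.5",  "proto": 17, "init": "",   "all": ""},      # UDP
]

if __name__ == "__main__":
    for sip, count in sorted(initiators(FLOWS).items()):
        print(sip, count)
```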

