[netsa-tools-discuss] Deprecated switch "--pair-top-threshold=1" how to use for detecting malware activity
asad
a.alii85 at gmail.com
Mon Sep 21 05:20:10 EDT 2015
Hello,
I'm using the following cmd:
rwfilter --type=out \
--start=2004/6/29:17 \
--proto=6 --dport=445 \
--pass=stdout | \
rwstats --pair-top-threshold=1 | \
gawk -F"|" '{print $1}' | sort | \
uniq -c | sort -nr | head
Using this command, I want to know the number of IP addresses that contacted
more than 100 unique destinations in a single hour.
But the cmd output says "--pair-top-threshold" command not found. Thanks.
regards
asad