
tcpdump - ignore unknown host error

I've got a tcpdump command running from a bash script. It looks something like this.

tcpdump -nttttAr /path/to/file -F /my/filter/file

The filter file has a combination of ip addresses and host names. i.e. host 111.111.111.111 or host 112.112.112.112 and not (host abc.com or host def.com or host zyx.com).

And it works great - as long as the host names are all valid. My problem is sometimes these hostnames will not be valid and upon encountering one - tcpdump spits out

tcpdump: Unknown Host

I thought with the -n option it would skip DNS lookup - but in any case I need it to ignore the unknown host and continue along the filter file.

Any ideas?

Thank you in advance.


The -n option prevents conversion of IP addresses into names, but not the other way around. If you supply a hostname as an argument, it has to be looked up to get the IP address since packets only contain the numeric address and not the hostname. However, there ought to be a way to ignore invalid hostnames, but I can't find one. Perhaps you could pre-process your filter file using dig.

dig +short non-existent-domain.com    # returns null
dig +short google.com                 # returns multiple IP addresses

This could probably be better, but it should show you hostnames in your filter file that aren't valid:

grep -Po '(?<=host )[^ )]*' filterfile | grep -v '[0-9]$' | xargs -I % sh -c 'echo -n "% "; echo $(dig +short %)' | grep -v ' [0-9]'

Any hostnames it prints didn't have IP addresses returned by dig.

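One way to carry out the pre-processing the answer suggests, as an added example that is not part of the original answer: a POSIX sh function that drops every `host NAME` term whose name dig cannot resolve, removes the `or`/`and` that joined it, and refuses to emit a filter that became empty, so tcpdump never runs with a filter that silently matches more than intended. The function names, the use of dig for the lookup and the fail-closed behaviour are this example's own choices, not anything tcpdump provides.

```shell
# Does NAME resolve to at least one IPv4 address?  Uses dig as suggested above;
# dig asks DNS directly, so a name that exists only in /etc/hosts (which
# tcpdump's own resolver would accept) is reported here as unresolvable.
resolves() {
    [ -n "$(dig +short "$1" A 2>/dev/null | grep -E '^[0-9.]+$')" ]
}

# Literal addresses (dotted quad, or anything with ':' for IPv6) are kept as-is.
is_literal_addr() {
    case "$1" in *:*) return 0 ;; *[!0-9.]*) return 1 ;; *) return 0 ;; esac
}

# Reads a filter expression on stdin and writes the pruned one on stdout.
# Exits 1 rather than emit a filter that became empty or has an empty "( )"
# group, so a mangled filter never silently captures everything.
prune_filter() {
    # separate parentheses from the words they are glued to, then tokenise
    set -- $(sed 's/(/ ( /g; s/)/ ) /g')
    out=""
    while [ $# -gt 0 ]; do
        if [ "$1" = host ] && [ $# -ge 2 ] && ! is_literal_addr "$2"; then
            if resolves "$2"; then
                out="$out host $2"; shift 2
            else
                echo "prune_filter: dropping unresolvable host $2" >&2
                shift 2
                # qualifiers that applied only to the dropped term go with it
                while case "$out" in *" not"|*" src"|*" dst") true ;; *) false ;; esac; do
                    out="${out% *}"
                done
                # drop the connector that joined the term: the one before it
                # if there is one, otherwise the one after it
                case "$out" in
                    *" or"|*" and") out="${out% *}" ;;
                    *) case "$1" in or|and) shift ;; esac ;;
                esac
            fi
        else
            out="$out $1"; shift
        fi
    done
    case "$out" in
        ""|*"( )"*) echo "prune_filter: refusing to emit an empty filter" >&2; return 1 ;;
    esac
    printf '%s\n' "${out# }"
}

# Usage: prune_filter < /my/filter/file > /tmp/filter.pruned &&
#        tcpdump -nttttAr /path/to/file -F /tmp/filter.pruned
```

Run it before tcpdump and act on a non-zero exit instead of capturing with a filter you did not write.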
