tcpdump고유한 항목만 표시하는 명령을 실행하려고 합니다 . 이것은 내 명령과 출력입니다.
$ sudo tcpdump -c 5 -q -i eno1 -nn -vvv tcp | sort | uniq
tcpdump: listening on br1, link-type EN10MB (Ethernet), capture size 262144 bytes
5 packets captured
6 packets received by filter
0 packets dropped by kernel
09:39:51.350138 IP (tos 0x10, ttl 64, id 61352, offset 0, flags [DF], proto TCP (6), length 184)
09:39:51.350743 IP (tos 0x0, ttl 124, id 3896, offset 0, flags [DF], proto TCP (6), length 40)
09:39:51.811811 IP (tos 0x0, ttl 124, id 3901, offset 0, flags [DF], proto TCP (6), length 92)
09:39:51.811861 IP (tos 0x0, ttl 64, id 41613, offset 0, flags [DF], proto TCP (6), length 40)
09:39:52.424473 IP (tos 0x0, ttl 64, id 41614, offset 0, flags [DF], proto TCP (6), length 92)
10.184.17.196.55195 > 10.88.159.90.22: tcp 0
10.184.17.196.58484 > 10.88.159.90.22: tcp 52
10.88.159.90.22 > 10.184.17.196.55195: tcp 144
10.88.159.90.22 > 10.184.17.196.58484: tcp 0
10.88.159.90.22 > 10.184.17.196.58484: tcp 52
내 출력이 고유한 항목의 목록이 되도록 하고 일반 tcpdump출력을 억제하고 싶습니다.
10.184.17.196.55195 > 10.88.159.90.22: tcp 0
10.184.17.196.58484 > 10.88.159.90.22: tcp 52
10.88.159.90.22 > 10.184.17.196.55195: tcp 144
10.88.159.90.22 > 10.184.17.196.58484: tcp 0
10.88.159.90.22 > 10.184.17.196.58484: tcp 52
답변1
간단한 grep 명령을 추가 파이프로 추가하는 것을 고려해 보셨나요? 예를 들어,
$ sudo tcpdump -c 5 -q -i eno1 -nn -vvv tcp | sort | uniq | grep '>'