tcpdump: filter requests containing certain values

Time: 2017-04-06 17:18:41

Tags: regex grep tcpdump

My current tcpdump invocation logs all requests on the http port on a certain interface:

tcpdump -i eth0 -C 100 -W 100 -w traffic port http

The problem is that, at this point, tcpdump is collecting all requests (even those with sensitive information from my login page). So I then have to egrep through my tcpdump files and egrep those files to take them out. Is there any way to integrate a search for certain text values in my requests and, if they're present, not log that request to the file?

1 answer:

Answer 0: (score: 1)

You can use tshark (the CLI created by the Wireshark project) instead of tcpdump; it lets you run Lua scripts.

This is a fairly advanced topic, but it is worth looking into. You can take a look at:

https://wiki.wireshark.org/Lua/Examples

IMHO you shouldn't solve this with regular expressions; you are better off masking the sensitive information (printing ****) rather than removing it completely.

It is also likely that the sensitive information is posted to an endpoint such as /login, and since tshark parses the HTTP protocol for your Lua script, you can make the decision based on the path field.
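The two points the answer makes (decide by HTTP path rather than by grepping, and mask credentials instead of dropping the request) can be applied to a capture file without Wireshark installed. The example below is added here and is not code from the question, the answer or the Wireshark project: a standard-library Python post-processor that walks a classic libpcap file, finds HTTP requests in Ethernet/IPv4/TCP frames, and, for requests whose path is /login (or /api/auth, both assumed for the example), replaces the values of password-like form and query fields with `*` characters of the same length. The tcpdump BPF filter in the question cannot do this, because BPF matches header fields, not text at variable offsets inside the HTTP payload. The sample requests and the frames wrapped around them are constructed inline; addresses and checksums in them are placeholders.

```python
"""Mask credentials in HTTP requests inside a pcap file (added example)."""
import re
import struct
from typing import Iterator, Optional

PCAP_MAGIC_LE = 0xA1B2C3D4   # file written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1   # big-endian file read with "<I"
IPPROTO_TCP = 6

# Only requests to these paths are rewritten.  Assumed for the example; the
# question only names a "login page", adapt to your own application.
SENSITIVE_PATHS = (b"/login", b"/api/auth")
# Group 1 keeps "name=", group 2 is the value that gets masked.
SENSITIVE_FIELDS = re.compile(rb"(?i)\b((?:password|passwd|pwd|token)=)([^&\s]*)")


def iter_records(pcap: bytes) -> Iterator[tuple[bytes, bytes]]:
    """Yield (16-byte record header, captured frame) for each record of a
    classic pcap file, honouring the file's byte order (pcapng not handled)."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        hdr = pcap[off:off + 16]
        incl_len = struct.unpack(endian + "IIII", hdr)[2]
        yield hdr, pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def tcp_payload_offset(frame: bytes) -> Optional[int]:
    """Offset of the TCP payload in an Ethernet/IPv4/TCP frame, else None
    (no VLAN tags or IPv6: those frames pass through untouched)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != IPPROTO_TCP or len(frame) < 14 + ihl + 20:
        return None
    tcp = 14 + ihl
    return tcp + (frame[tcp + 12] >> 4) * 4


def redact_request(payload: bytes) -> tuple[bytes, bool]:
    """Mask sensitive field values (query string and body) if the payload is an
    HTTP request to a sensitive path.  Returns (payload, whether it changed)."""
    line_end = payload.find(b"\r\n")
    if line_end < 0:
        return payload, False
    parts = payload[:line_end].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return payload, False
    path = parts[1].split(b"?", 1)[0]
    # Exact path or a sub-path: /login and /login/x match, /loginfo does not.
    if not any(path == p or path.startswith(p + b"/") for p in SENSITIVE_PATHS):
        return payload, False
    masked, n = SENSITIVE_FIELDS.subn(lambda m: m.group(1) + b"*" * len(m.group(2)), payload)
    return masked, n > 0


def redact_pcap(pcap: bytes) -> tuple[bytes, int]:
    """Rewrite a pcap in memory.  Same-length masking keeps every pcap, IP and
    TCP length field valid and Content-Length honest; only the TCP checksum of
    a touched segment goes stale, which analysers report but do not reject."""
    out, touched = [pcap[:24]], 0
    for hdr, frame in iter_records(pcap):
        off = tcp_payload_offset(frame)
        if off is not None and off < len(frame):
            payload, changed = redact_request(frame[off:])
            if changed:
                frame, touched = frame[:off] + payload, touched + 1
        out.append(hdr + frame)
    return b"".join(out), touched


def build_frame(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; MACs, IPs and checksums are dummies."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(payloads: list[bytes]) -> bytes:
    """Constructed little-endian pcap (LINKTYPE_ETHERNET = 1), one frame each."""
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", 1491477521 + i, 0, len(f), len(f)) + f
            for i, f in enumerate(build_frame(p) for p in payloads)]
    return ghdr + b"".join(recs)


SAMPLE_REQUESTS = [  # constructed; each request fits in one TCP segment
    b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 32\r\n\r\n"
    b"username=alice&password=Hunter2!",
    b"GET /login?user=bob&token=abc123def HTTP/1.1\r\nHost: app.example\r\n\r\n",
    b"GET /loginfo?password=not-a-login-path HTTP/1.1\r\nHost: app.example\r\n\r\n",
]


def redact_sample() -> tuple[int, list[bytes]]:
    """Redact the constructed capture; return (requests touched, payloads after)."""
    redacted, touched = redact_pcap(build_pcap(SAMPLE_REQUESTS))
    return touched, [f[tcp_payload_offset(f):] for _, f in iter_records(redacted)]


if __name__ == "__main__":
    n, payloads = redact_sample()
    print(f"masked {n} request(s)")
    for p in payloads:
        print(p.split(b"\r\n")[0].decode(), "|", p.rsplit(b"\r\n", 1)[-1].decode())
```

Run against a real ring-buffer file from the question's command, this keeps the non-sensitive traffic intact and leaves the /login requests readable except for the credential values, which is the answer's "print ****" approach. Two limits worth knowing: it only sees a request whose headers and body share one TCP segment (a POST body split across segments needs TCP reassembly, which is what tshark's HTTP dissection gives a Lua script for free), and it does not recompute TCP checksums after masking, so Wireshark will flag those segments as having a bad checksum.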
