-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathfilter.cheat
48 lines (33 loc) · 1.45 KB
/
filter.cheat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
% filter
# Search dns logs in a date range #tip
fd dns 2021-01-{15..31} 2021-02-{01..10} | filter - example.com
# Match RFC1918 internal IP addresses #tip
filter -p rfc1918
# Extract IPv4 addresses from text #tip
filter -o -p ipv4 | distinct
# Find IPs associated with a domain #tip
filter --dns <domain> | chop answers | filter -o -p ipv4 | distinct
# Find IPs connecting to a domain #tip
filter --or \
-f <(filter --dns <domain> | chop answers | filter -o -p ipv4 | distinct) |
chop id.orig_h | distinct
# Find domains associated with an IP #tip
filter --dns <IP> | chop query answers | filter <IP> | chop 1 | mfo
# Summary of traffic for a single systems #tip
filter <IP1> | conn-summary
# Summary of traffic between two systems #tip
filter <IP1> <IP2> | conn-summary
# Summary of traffic involving an IP address over time (e.g. 2021-11-*) #tip
fd conn <date_glob> | filter - <ip> | conn-summary
# Find IPs going to a domain over HTTP or SSL #tip
{ filter --ssl <domain> | chop id.orig_h ; filter --http <domain> | chop id.orig_h } | distinct
# Send flags to the underlying grep command #tip
filter example.com -- -F
# Search case-insensitive #tip
filter -i example.com
# Print only the strings that match your search rather than the entire line #tip
filter -o -p ipv4
# Find files that contain the search term (quits searching file after first instance found) #tip
fd . | filter -l - <term>
# Preview the command filter is going to run #tip
filter --dry-run