General :: How To Monitor / Intercept All Network Comms On PC
Dec 6, 2010
I want to write a program that intercepts in real-time all network comms of whatever protocol that goes through eth0 (in and out) on my box. What do I need to take into account and where can I get necessary info? Pointers to samples & algorithms would be most welcome. There must be a standard way to access/use eth0, but I can't find it.
Nov 29, 2010
How do I get a serial device to simply send me the data without mucking it about? I mean, if I write a C prog in DOS or a C prog on an embedded system, I get the bytes that are sent down the line. With Linux I seem to get extra characters in it (0x1A crops up a lot) and it's very frustrating. I am using a virtual machine with WinXP in it, merely to monitor a 38400 baud 1 stop bit 8 data bits serial line. The Linux terminal /dev/ttyUSB0 throws data at me nicely but about 10% of it is gonk. I want some magic command
like stty -F /dev/ttyUSB0 38400 -totallyraw
Mar 3, 2011
I was playing around with a script that seems to work relatively for my needs when SSH comms fail - AKA a user or someone attacking. This works. But, how would I add a threshold value? Let's say if there are 3 entries, then add the IP to iptables as a rule.
Code:
#!/bin/sh
#
# FIREWALL SCRIPT
#
# March 1st, 2011
#
# Purpose:
# Add offending IP from failed SSH connections
# to the iptables (firewall) rules.
#
## Vars:
TIMETHRESHOLD="10" .....
Mar 3, 2011
I need to do some serial comms work and need an equivalent to hyper terminal on Debian. Does it exist?
Jan 22, 2010
I am on a slow Internet connection and it really makes me mad if something gets downloaded in background (like automatic update of any software) without my knowledge.
How can I monitor my network traffic sorted according to the "which binary file is using how much"? I can find the total transfer rate in "System Monitor" in Gnome, but what if I want to find for individual process. There are softwares like netmonitor in Windows, but how can I achieve that in UBUNTU LINUX.
GUI application will be nice, command line software will also be fine.
Feb 18, 2010
I have a few Windows and Linux machines and am in verse to monitor what upload and download is being performed as the network system are running in slow pace. Anyone who can recommend a tool or utility which can track uploads and download in a network. If it can track who is downloading or uploading with what size of data could really benefit.
Mar 11, 2010
I have done most of the setup for the MRTG network monitor tool.
But I'm stuck at the configuration part.
The actual MRTG guide says the following.
I'm a little confused about what I should put in place of community@router.abc.xyz.
Quote:
The next step is to configure mrtg for monitoring a network device. This is done by creating an mrtg.cfg file which defines what you want to monitor. Luckily, you don't have to dive straight in and start writing your own configuration file all by yourself. Together with mrtg you also got a copy of cfgmaker. This is a script you can point at a router of your choice; it will create a mrtg configuration file for you. You can find the script in the bin subdirectory.
cfgmaker --global 'WorkDir: /home/httpd/mrtg' \
  --global 'Options[_]: bits,growright' \
  --output /home/mrtg/cfg/mrtg.cfg \
  community@router.abc.xyz
This example above will create an mrtg config file in /home/mrtg/cfg assuming this is a directory visible on your webserver. You can read all about cfgmaker in cfgmaker. One area you might want to look at is the possibility of using --ifref=ip to prevent interface renumbering troubles from catching you.
If you want to start rolling your own mrtg configuration files, make sure you read mrtg-reference to learn all about the possible configuration options.
Aug 25, 2010
I want to be able to see the text messages that are sent to MY phone on my machine (I have Ubuntu 10.04, and Window$), and be able to reply to them on my machine. Does anyone know of any software for this? I have found all kinds of software, or services online that allow you to send text messages to phones, and receive and reply, but never through my existing phone. Basically, I need a way to intercept texts from my phone.
Sep 6, 2010
I need to monitor network performance/usage based on protocols.
About Snort now, is perfstat.c replaced with something else?
Jun 1, 2010
I use a Compal KLH B0 laptop if I recall correctly. (It's rebranded but great!) It uses a completely standard keyboard where Fn+F7 and Fn+F8 are the volume buttons. This happens with all SDL games I have.
Jan 25, 2011
Now I have a problem with mencoder. When I tried to use mencoder to interpret a mp3 file (test.mp3) from 1:30 to the end like this:
mencoder -o out.mp3 -oac mp3lame -lameopts cbr:br=128 -of rawaudio -ss 1:30 test.mp3
I found it failed:
ASF file format detected.
[asfheader]audio stream found, -aid 1
Video stream is mandatory!
Exiting.
Dec 21, 2010
I don't know if this is the right forum, but I'm trying to find a solution. I want to intercept data from/to a serial port without disrupting the software that manages the serial port (I would like to save the data to a file or send it into a socket). I searched some modules and programs (linspy, ttysniff, interceptty, maxty ...). A bit complicated (there are some differences between kernel 2.4 and 2.6). So I'd like to change the serial port driver to intercept the "read" and "write" and do what I want with the data. I'd like to know what do you think about
Nov 13, 2010
How to intercept the mouse and keyboard events in Linux, like the hooking technique in Windows?
Jul 28, 2011
I need a simple traffic monitor for Linux, that counts the traffic in a specific wireless network because I have volume restrictions on that one. I tried it using the following iptables rule:
[code]...
iptables -m mac -A INPUT -p all --mac-source <mac-address> ! -s 10.0.0.0/8
where <mac-address> is the router's one. 10.0.0.0/8 is the local subnet. What I actually want is something like --routed-through <mac-address>. Also, is there some way to gather iptables's statistics? Or is there maybe another tool that does what I want (reliable)?
Jun 4, 2010
I chose -Server-, if this is more appropriate in -Networking-, just let me know. Basically, I need to be able to merge responses stored in a zone file with responses from an "upstream" authoritative server. I'm in the sad position of needing to "intercept" requests to *part* of a domain (but not restricted to a sub-domain!) and return results for *some* hosts that use an internally routed address, and results for the rest using the public internet addresses. Unfortunately, it's not my domain, so I can't just use views (although I suspect they could end up having some part to play in this, at least potentially)... but instead I have to actually send requests recursing to the other site's external DNS for any hosts my server doesn't have records for in the zone file.
Some background on the situation:
I work at a local government, which has a private link / VPN connection to a state government entity, and needs to use internal addresses for some of the state servers, which then get routed over an "internal" network link. But the state uses the same domain name internally and externally, just presenting views to internal clients vs. external clients. -- However, we are only being allowed access to certain of their servers through the internal link, which means that for any other servers that we don't have internal/private access for, we have to visit the public addresses just like anyone else on the internet... So, I can't just send all requests to their internal DNS and get responses, because we'd get IPs for some servers (e.g. their main web site) that we wouldn't then be able to reach using the internal network link.
For Example: Say I have a client machine, "client1", on my network ("my.net"), which uses "mydns1.my.net" for name resolution ... and which needs to access 2 servers on the state network, "private.st.us" and "public.st.us" -- so named based on how "my.net" needs to access them.
The external state DNS server/view ("ext-dns.st.us") responds to requests with something like:
private.st.us -- 1.2.3.456
public.st.us -- 1.2.3.457
(Those are just crap addresses, obviously.)
The internal state DNS server/view ("int-dns.st.us") responds to requests with something like:
private.st.us -- 10.0.0.8
public.st.us -- 10.0.0.10
This works on their network because their own clients have access to all such IPs.
But for us, they only allow traffic flowing between "my.net" and their internal network to reach the 10.0.0.8 address, blocking all other address destinations. So, when "client1.my.net" asks "mydns1.my.net" for the address of "public.st.us", I need "mydns1" to recurse out to "ext-dns.st.us" to get an answer (1.2.3.457) and then return that IP to "client1" -- because "my.net" is blocked from accessing the server's 10.0.0.10 address. But, when client1 asks mydns1 for "private.st.us" I need to pull the IP (10.0.0.8) from a local zone file instead of asking either of the state DNS servers -- or optionally forward the request to "int-dns.st.us" I suppose -- because the state blocks access to certain services (which we need and are the whole cause of this problem!) via the public (1.2.3.456) address.
Jul 6, 2011
I'm having some issues setting up a transparent proxy server, which should allow only regular web browsing (port 80), any other port (including HTTPS (443)) has to be blocked, as well as any other port. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this:
Clients <-> Proxy Server + DHCP Server <-> Internet
With this setup, the network does have internet access and the websites I whitelisted are the only ones accessible via browser, however port block is not working, every port is open, hence why trying to access blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing its job fine, however IPTABLES for some reason seems to be redirecting all the traffic to port 3128 (Squid3 port). I could be wrong, but I've been unable to do anything related to ports with squid3 (either whitelisting or blacklisting).
For Iptables I used:
Code:
iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP
Squid3 config:
Code:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl Safe_ports port 80 # http
acl whitelist dstdomain "/etc/squid3/whitelist"
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny !whitelist
http_access allow localhost
http_access allow all
http_port 3128 intercept
hierarchy_stoplist cgi-bin
Mar 10, 2011
After installing 11.4, I need to type in the command to update the firmware for a broadcom wifi adapter. Then I needed to reboot, twice, before the system knew to use the adapter (where the adapter wifi light goes from orange to blue).
Then I needed to add my wireless network and type in my key. But the key does not take. If I click on my wireless network icon, it just re-asks for the key and does not connect nor give any other message. Network icon continues to display no connection.
So I need to reboot again.
When the system starts again, the adapter is blue, I click on the icon for my wifi network and it connects without asking for my key and I can then set to start my wifi by default.
Now my wifi works fine.
Mar 20, 2010
I am having problems with the refresh rate of the screen. The refresh mode in the monitor options has only one option, 60Hz. I have LG 24 + ATI Radeon 3870, and have already installed the ATI driver via Ubuntu download center.
Apr 20, 2010
I am now using Ubuntu 9.10. The prob is I am not able to increase the resolution of display. It is showing only 800 x 600 display. While trying to increase the resolution it is showing "Unknown Monitor". So, how can I detect the monitor so I can increase the resolution of my system.
Sep 2, 2010
I'm running F13, using Network Monitor to control my DSL connection. Until recently, all was well. Then, about a month ago, I tried changing my DNS numbers for reasons that seemed good at the time. Being properly paranoid, I kept my old DNS numbers in a text file. It's a good thing, because from then on, every time I needed to reboot (I only reboot for a kernel update, only shut down for hardware issues or a power failure.) I had no DNS until I copied them back into the configuration, disabled and re-enabled the connection. We've been having some work done here on the exterior, and every time the workmen come they manage to drop the power on the room the computer's in. I don't know if it's significant that all of the DNS losses have come after a power "failure," but it's worth mentioning.
Apr 19, 2011
There is no "security" forum so I figured I'd post this here.
Because of PCI compliance requirements, we are going to begin using the built-in audit utility that comes with SuSE to monitor file/directory changes. The utility comes pre-configured to monitor many system files but I was curious as if there is a standard list of files/folders that should be monitored for PCI compliance? I've scanned the web but haven't come across anything yet.
Jan 20, 2011
Is there an easy way to monitor network traffic? I want to make sure my kids are surfing safe...
Mar 27, 2010
I am using Orion SNMP monitor in my network and I have no problem with Windows systems, but Linux systems have some problems. First of all, the SNMP monitor shows CPU load at 100% all the time, which is completely wrong, and second, my SNMP monitor can just show CPU and memory and response time information of Linux systems and not disk information and nothing more. This is my /etc/snmp/snmpd.conf file content:
com2sec paranoid default public
group MyROSystem v1 paranoid
group MyROSystem v2c paranoid
group MyROSystem usm paranoid
group MyROGroup v1 readonly
[Code]....
Jun 28, 2010
I have an F11 on an old box 686 athlon with an old nVidia Corporation NV5 [RIVA TNT2/TNT2 Pro] (rev 15) AGP. I am trying to do a network install upgrade to F13. I cannot get it to display the install menus from the network install disk. I get the initial screen with the install, basic video, repair, etc choices, but after I select the install/upgrade option, I see the CD drive read but the LCD monitor display never appears. The ready light on the monitor just keeps blinking and the display stays dark. Is there anyway of getting an error log to see what is going on?
Mar 29, 2011
When you need to change something on the server you can hook up a monitor and a keyboard and do it through the console.
I would like to hook up an external monitor in this fashion for a desktop. The current video card can only support a single display. So I was hoping there was some way to use a second monitor as just a permanent console, since simple text shouldn't require a video card?
Sep 27, 2010
what I want to achieve is just to be able to say to who ever is killing our relatively fast connect that they aren't the only person using the network. Everyone just says "I hardly download anything." which is obviously untruthful as normally I can download at 1.5 MB/s but now loading even google.com takes way too long (same with pinging and all other sites). Once I do this, I can determine whether or not I need to call my ISP and do the long 'on hold' dance and "have you tried rebooting the router" BS.
Nov 2, 2010
I have been looking for a simple network monitor daemon for Ubuntu for some time but have not found anything that suits my requirements, and from what I've been reading online there seem to be quite a lot of other people out there that are looking for the same thing. [URL]...for-linux.html page seems to have the most comprehensive list of similar products but if you read through all of them they don't seem to be what I'd imagine most home users need. Here's a list of what I had in mind; if anyone uses something that has these features or knows of something that might meet these requirements please let us know!
1) a small lightweight daemon that can be accessed via the panel on GNOME
2) has the ability to monitor eth or ppp (particularly internet traffic)
3) can represent this data in a human-readable format, i.e. using megabytes and gigabytes
4) can store a history of how much data is being sent and received over long periods of time (like several months)
Feb 7, 2011
When I'm using Ubuntu, I like to use the "system monitor" - specifically to monitor the network upload and download speed.
May 9, 2010
I have looked for and found several tools to show a system's total network usage. I have not, however, been able to find any that show this information in the context of individual processes. Do any such tools for linux exist?
Jul 6, 2010
We have a quad core Intel Xeon E 5410 processor running on recently installed CentOS 5.5. The machine can't be pinged all of a sudden and when we switch on the monitor, there is no signal on it, and no response on the keyboard either. We thought the problem accorded with abrupt temperature changes, is it so? But we have similar machines running efficiently under the same temperature conditions.