Networking :: Slightly Higher Level Traffic Logging
Mar 19, 2011
Summary: Several school networks in need of a fairly low-level way to log network use, especially Internet. Raw packet captures are too low (and big). Turnkey solutions we've looked at (Untangle) aren't really a good fit. This seems like a common issue.
Detail: For legal reasons, we have to be able to roll back time every so often (i.e. when death threats are made on some web forum). Currently, our traffic logs on Internet traffic are pretty high-level and aren't really useful to point a finger at the guilty or away from the innocent. We also like to keep our users honest by providing them with data about their own computer use (i.e. what are the top 10 websites they hit).
I've been building up rules with iptables and ulogd to log the creation of new connections and save it to a PCAP-formatted file for consumption by some very simple analysis scripts, or examination with Wireshark if required. Just logging new connections prevents the logging data from getting large in a hurry, but also doesn't give us a lot of information we would like (i.e. the amount of data transferred). We've been examining products that offer fairly full-featured analysis, notably Untangle, but we do a lot of weird stuff (VOIP, VC, VPNs) with traffic flowing through very minimal hardware (PC Engines) running Linux. This is very inexpensive and very flexible, and we like it that way.
View 3 Replies
Dec 8, 2009
I need to log outbound (server -> remote) ssh traffic, but am unsure of the best way to do this.
I added this to iptables, but nothing is being written to the logs when I ssh from the server to another system.
iptables -A OUTPUT -m state --state NEW -j LOG --log-uid
iptables-save
View 2 Replies
Apr 26, 2010
Where I work we have a LAN; it is almost 100% Windows machines except for 2 CentOS machines which some clients connect to via VPN (very small network, <50 IPs used).
I would like to know if there is a way to block access from those machines to others in the network. I'm already logging traffic (with IPTraf) to see if they're accessing other machines in the network other than the ones they should connect to.
View 7 Replies
Feb 14, 2011
turn up the level of logging that my DHCP server is writing to SYSLOG? I can't seem to find a syslog.conf file to edit.
View 1 Replies
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (ICMP) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies
Mar 15, 2011
I wanted to tell my server to block all traffic but US-only traffic. So I followed this guide: [URL].. Now I know it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called, I just have to stop them). My server only deals with US clients anyway, so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done, compiled everything, moved to the proper directory. I then started to set up my iptables. Like so
Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that I went digging in the code and figured it was something to do with memory allocation.
View 1 Replies
Jul 8, 2010
I have been out of the Linux game for a few years and decided to get back into it. I've been working now for a few days on figuring out why my machine's network card does not seem to want to work on a new FC13 installation. The machine is an older Dell Dimension with a 2.53 GHz Celeron processor, 512 MB of RAM (a gig soon) and the ethernet card is an Intel Corporation 82562EZ. Some generic thing, though FC13 does recognize it and appears to have appropriate software.
ifconfig shows no IP address in the x.x.x.x sense, and restarting the network doesn't seem to do anything. The network card is in working order, I tested it in a WinXP installation, and the cable is also functioning.
View 4 Replies
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (apart from the real traffic itself) in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules the traffic between the server and the client.
When I set the counters to zero and begin to generate traffic (browsing, downloading etc.) I see that the GRE packets are even more than those in the FORWARD chain.
So, my question is first of all: is my test correct, and is it true that so much GRE traffic is being generated during browsing (it becomes clear that the traffic is double what it would be if pptpd wasn't used as a gateway), and if yes, can that traffic be reduced?
View 3 Replies
Aug 10, 2010
I've been able to kludge a kill script which finds the correct pid for the kdeserver (or gnome server) after my system comes up in run level 5 so I can drop back to run level 3 mode. Lots of experimentation showed me that using telinit 3 and telinit 5 would occasionally leave the video memory in a mess and I would have the black screen of death.
I set the security parameter setting to autologin for me since I am the only user of my machine, but I still have to kludge the default setting under sysconfig (the DEFAULT_WM) under Window Manager to pick a certain window manager, so it takes time to manually switch the desktop.
Right now I can leave the GUI and drop back to CLI, but painful experimenting showed me that killing the X server is a no-no. Right now I kill the KDE server, which sends the SIGTERM to the X window manager, which then figures out that it has to shut down.
Questions: Is there a better way of doing this? Apparently openSUSE figures that we have multiple users logging into the gui desktop, so the gui is always kept running and a login window with the desktop manager option forces the user to login in. With autologin, this never happens, but no choice of desktop is possible on the fly.
Can some type of script be set up to painlessly enable this to happen? And what is the best way of bringing either the Gnome or KDE desktop manager down gracefully? I do get lots of error messages as the system attempts to recover and X shuts down. It appears that apparently the single user with autologin is left out in the cold.
View 4 Replies
Feb 6, 2010
I want to install a software called TinyOS, which is an operating system designed for wireless sensor embedded networks, in my account. The problem is it has instructions to install the software as an administrator; since I'm not an admin of the department network I am not able to install it. Is there any method to install this software at user level rather than admin level?
View 3 Replies
May 8, 2010
How can I adjust the levels at which the battery is considered to be critically low? Right now it seems this is set at 5 or 10%. I want to make it 20 or 25%. This is for Gnome. I am using Lucid x86.
View 1 Replies
Jan 15, 2011
Hello everyone, I'm having a problem when my computer enters run level 4 as the default when I start Slackware. The strange thing is that it does not seem to be an X window problem; it looks more like a configuration problem in some part of the KDE script that initializes the login, because if I manually start the X service it works fine. I don't know what the source is. Thank you in advance for the help.
View 3 Replies
Jan 6, 2009
I want to know what the advantages and disadvantages are of accessing SPI (serial peripheral interface) from kernel level and user level, like methods of doing it, speed, memory utilization etc.
View 1 Replies
Apr 27, 2010
We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used Ethereal and Wireshark before. Ethereal may be a viable option, but Wireshark seems to provide lots of information with no practical way to make use of it. How do I set up the box to be a transparent device on the network that will allow internet-bound traffic to flow (freely)?
View 3 Replies
Apr 6, 2010
I have a desktop with a printer attached on a wireless link. I have a laptop where I want to print from. The problem is the wireless link comes up only after I log on to the desktop. I would prefer the wireless link (and CUPS) to be up without having to log on at the desktop.
How would the run level be changed?
View 5 Replies
Jul 21, 2010
[code]...
you can find a cutout of an output generated by the "iwlist s" command for a cell. Does anybody know what Quality, Signal level and Noise level mean? What is the definition of them? I searched for it and could not find good information on it. What are these Extra:*** fields for? What does it show in the example above? How were those values computed?
[code]...
View 1 Replies
May 12, 2009
Hi Guys,
here is my scenario:
I am running F10 x86_64 with Nvidia Quadro FX 3400.
I installed the drivers and it worked just fine. No errors generated according to Nvidia log files.
However, while in run level 5 when I try to switch to run level 3 by typing "telinit 3" or "init 3" the X server goes down and I get a blank screen. Same thing happens when I try to switch to a different tty session by <ctrl>+<alt>+F2 (or any F key for that matter).
I also noticed that when I shut down my system I can no longer see the screen where services are shutting down and their status ([OK] or [failed]).
Would appreciate your help on solving this issue.
View 3 Replies
Jun 17, 2010
Hey Guys, I'm new here and request your help on this:
After installing emacs and a few dependencies on my RHEL 5, on restarting the system, the keyboard was not able to work. I restarted several times in vain.
However, when I start in single mode, it works perfectly. I have tried looking for a solution from Google, but in vain.
Kindly help...
Regards, Andrew
View 1 Replies
May 27, 2010
I have a directory that has another directory inside it. The top directory is rather redundant since it only contains the one other one. Is there a way to delete the top-level directory and have the contents simply "move up a level"?
View 6 Replies
Mar 24, 2010
I've got a Level One USB wifi model WUA-0603. However, Ubuntu 9.10 could not recognize it automatically. How can I install the driver for it?
View 1 Replies
Jun 20, 2010
I just installed the nvidia drivers and everything looks much nicer, but: all my sound works fine, except when I try to get the bell sound (I've not tried others) from the terminal. This is kind of annoying because I want irssi to alert me when I get messages, otherwise I probably would never have noticed.
I really don't know how this could have caused that, but it was working before, isn't now, and there does seem to be a lot of reports online of people's sound breaking after installing the nvidia drivers so...
Ok, now that I tried a different set of keywords I realise that this problem seems to have been had by a few other people and occurs when compiz is on. I'm still not sure I understand it and I don't yet have a solution. :/
View 5 Replies
Aug 2, 2010
I would use the nouveau driver but the color hue seems to be slightly off. Is there any way to adjust the hue for the driver in real time (I don't want to have to change values in xorg.conf, then stop X, restart X and see if it worked)? For example the proprietary nvidia drivers have the color settings in nvidia-settings.
View 2 Replies
Jul 10, 2011
I've just installed Maxima and wxMaxima. I've learned how to do simple math equations (3x+7=16) but I can't figure out how to do slightly more difficult equations. Specifically, I can't figure out what's wrong with how I input this equation:
Code:
solve (7^(-4*x) = 2^(1+3*x), x);
I've tried incrementally building the equation (starting with 7^(x) = 2, then moving to 7^(-4*x) = 2, etc.) but when I introduce the second x, I get a blank output. I have no idea what to do.
View 4 Replies
Jul 28, 2010
Is there an ink level app that works with network printers? I am currently using Ubuntu Lucid x64 with a Canon MX860 printer that was installed using this tutorial: [URL]. Everything seems to work fine (it prints) but I cannot get any of the ink level apps to work (Mtink or Inkblot). After doing some research, my conclusion is those apps only work with USB connected printers. Is that true?
View 3 Replies
Jul 7, 2010
I would like to be able to access packets coming off the network with the hope of coding a primitive packet sniffer for learning purposes. I would also like to be able to piece together my own packets and send them out on my network. Eventually, I would also like to write a simple firewall, so I want the capability to drop packets as well as let them pass. I assume I will have to access the kernel with some system calls to do this; does anyone have any information or resources that could help me on this project?
View 1 Replies
Mar 27, 2011
I'm reading this tutorial for iptables that is old (kernel 2.4). It states that iptables should not be read at the application level of the TCP model because of packet boundaries. Does this still hold true today?
View 1 Replies
May 11, 2010
I've successfully connected to my VPN with kvpnc, but none of my traffic is going through the VPN! I don't know how to route traffic to the VPN. For instance, when I go to whatsmyip.com it still shows my previous IP.
View 1 Replies
Jul 11, 2010
I have a Comcast business network adapter that has a 4-port switch. It also handles NAT 1-to-1 translation for static IPs (that's just how they do it, there is no other choice).
In port 1, I have a cat6 that brings traffic to and from my Linux machines, allows me to VPN, SSH, a mail server, etc. Everything here is fine.
In port 2, I have a Netgear router that is set up with a point-to-point VPN for a client.
Here are the issues:
1. Machines that are connected to the Netgear VPN router/switch can access machines on my network. I don't want this.
2. I can't access the machines connected to his LAN from my LAN. I need this to administer his machines somehow, even if I have to VPN to the concentrator and do it like that.
Here is the network structure.
Code:
Internet <-> 10.10.10.1 -> switch with 10.10.10.x machines
|
-> internal vpn IP 10.10.10.50
|
[Code]....
The external network for the VPN is 10.10.10.x and the internal is 10.10.20.x. So, a machine with IP 10.10.20.100 can get to 10.10.10.X and I don't want that. I'm guessing it's doing this because technically I'm 'from the internet' on 10.10.10.x and the VPN machines are going 'out to the internet'. Is there a way to have this:
vpn -> gateway traffic only?
I have a Cisco 1811W at my disposal if I need to use it; however, I'm all thumbs when it comes to Cisco IOS and networking in general.
View 4 Replies
Dec 1, 2010
I'm trying to inspect network traffic from my iPhone / iPad / Kindle / other wi-fi-only consumer electronic device. To do this I man-in-the-middle myself (connect laptop to LAN via wire, create a wireless ad-hoc network, bridge the connections, then connect my device to the ad-hoc wi-fi network) and use Wireshark to watch the traffic.
In the past this has been adequate for my needs (just wanted to watch and see what potentially private info was being leaked about me / see that banking / amazon / etc. apps were going over SSL). Now I've noticed that applications are almost all using SSL (which is great) but they are way too active for my taste. I'd like to use these apps but want to know what's happening in the background. I know that corporations dead-end SSL connections at their proxies to inspect the traffic and then re-establish the connection on behalf of the user for the trip across the internet. While I find the corporate use a bit distasteful, I think this is exactly what I'd need to do to myself. Any suggestions for how to do so or other ideas on how to get the packets in the clear?
View 3 Replies
Oct 19, 2010
How are packets treated that do not match any of the filters?
View 4 Replies