Networking :: Trace Incoming And Outgoing Network Traffic For A Given User?
Mar 14, 2010
OS: CentOS 5.3 64bit
How to trace incoming and outgoing network traffic for a given user? User 'A' logs in to the system and does various network connectivity. As root user, I need to find what the outgoing and incoming connections are that are related to user 'A'. Basically I need to check the connection flow. netstat will show ESTABLISHED, LISTEN etc. I need something like tcpdump.
E.g. a --user option for tcpdump:
tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A
Can someone tell me any tool which can do such a thing? Even if it can show the process ID of the client application which is trying to establish network connectivity, that will do.
Jan 6, 2011
I need to configure iptables to block incoming traffic (except specific ports), but allow all outgoing traffic.
I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80).
The following was used:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
Also, even allowing NOT SYN requests still prevents outgoing traffic.
iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT
Another point:
# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep
How to install ipt_state module on ubuntu?
Oct 29, 2009
Is there a utility with which I can get the current traffic towards a given host, for example:
command 87.255.33.32
22000
May 19, 2010
My question is simple - is there any Linux app or applet which is able to show (monitor) incoming and outgoing connections, assuming it's a direct internet access? I was using a firewall on a system from Redmond which was able to show every connection, listening ports of services if some were opened, etc.
Sep 14, 2011
As to my question, at this time I don't control the router/firewall and I would like to block a port that's used for Guild Wars on my workstation for a while. The reason for blocking is children have abused it and lost it. In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it and jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall and tried setting up "lo" as internal and configuring the firewall as a router, then disabled 0/0 and configured for 0/0,tcp,443 and re-routed port 80 traffic to the proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something. Ideally, I would like to set up a transparent proxy, as my kids have learned a lot about system administration and know to check the proxy module. If all they have to do is uncheck "Use Proxy" and bypass a local proxy server, then I am kind of defeated. And applications such as Firefox have a proxy setting they could set to none instead of system
Sep 10, 2010
I want to create VBR traffic. I created a file which contains two 32-bit fields. But when I execute the tcl program with this, no pkt transfer is shown. When I tried the same program with example-trace, I saw pkt transfer. The content of my traffic trace file is as follows:
[Code]...
Jun 9, 2011
There is a big problem with openSUSE 11.4 and virtual interfaces. Until 11.2, outgoing traffic by default was sent by the eth0 address no matter which virtual interfaces existed, if any were used. Now it seems to be sent by the last interface listed with ifconfig. The outgoing address in this case will be 10.0.0.3. This is very problematic with smtp control etc.
Jul 4, 2010
I am still new to Ubuntu and I use firestarter as my firewall tool, and I was told that it's just ufw in a GUI. Well anyways, I noticed a connection to 174.129.241.144 using https and python. I didn't have any scripts running and my browser was closed. I read the man files for ufw and it said to do something like deny from 174.129.0.0/12, and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that. I heard of iptables, that it would be able to do this, but I don't know anything about it. What should I learn so I can handle these kinds of situations in the future, how can I block this IP subnet, and what do the /8, /12, and /16 stand for?
Mar 9, 2010
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
Apr 28, 2010
I need to have http and https allowed, together with mail server (incoming and outgoing) and ftp, ftps and ssh. All other ports have to be closed.
Jun 29, 2011
My laptop has become very sluggish. So I loaded firestarter firewall. It is reporting loads of incoming UDP traffic. I only use this machine for Skype and Firefox based work as most of my stuff is kept on the cloud. Is it safe to stop all this UDP traffic? It would free up my CPU I guess. It seems port 56095 is getting hammered.
May 29, 2011
Before explaining the problem, I have to draw the environment. Because of post size limitations, I'll have to break this post in more than one entry.
Physical view
Code:
+--------+     +---+
|storage1|-----|   |
+--------+     | s |
               | w |
+--------+     | i |     +-------+
|router2 |-----| t |-----|router1|--->Internet
+--------+     | c |     +-------+
               | h |
+--------+     | 8 |
|router3 |-----|   |
+--------+     +---+
Device details
[Code]....
Aug 5, 2010
I am running the latest ubuntu. Sometimes it randomly stops accepting ssh connections, afp/smb connections, and even stops responding to pinging. It is connected via WIFI.
I go over to the desktop and use the browser, and the internet still works fine. Then after a while, it starts accepting incoming traffic again.
Jan 12, 2009
assist me in using the iptables firewall to block all incoming mail traffic (SMTP port 25) except that of a certain IP(s)? The situation is that we have a server that we only want to receive mail from a particular sender.
Nov 13, 2010
I have a couple of interfaces in a Fedora 14 box:
eth0: internet provided by an adsl router
eth1: LAN
I set up system-config-firewall to masquerade all outgoing traffic in eth0, as I did in other Fedora 13 boxes, but it seems it doesn't work. It sets to 1 /proc/sys/net/ipv4/ip_forward and also set the appropriate rules in iptables. But all traffic is blocked from the LAN to the Internet. "ping www.google.com" works in the Fedora box, but doesn't work in the LAN computers using the F14 IP as gateway. I have another F13 computer elsewhere configured this way and it works fine. But this one has Fedora 14.
Jun 9, 2011
I use a server with 3 nics,
eth0 192.168.2.100 (internal Web, Mail)
eth1 192.168.3.100 (Default Gateway nic for clients)
eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)
They are all on the same machine.
I cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow).
Is there an easy iptables rule to say that outgoing traffic not belonging to my networks can be redirected to a specific NIC (eth2)?
Nov 4, 2009
I have a Linux IPTables firewall on CentOS 5.3. It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively. There are 10 virtual interfaces linked to the physical public interface. Emails are being sent from my server in the DMZ out to the internet, but it is being shown as coming from the firewall IP address. It must show as coming from one of the virtual interfaces.
May 2, 2010
I have an Ubuntu computer set up as a bridge between gateway and LAN, with the LAN connected to eth0 and the gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports I specify, but also allow outgoing traffic. I've found, tried, and modified some examples I found on the web, but still it won't block incoming traffic (i.e., I'm still able to reach my webserver).
These are the rules, and I can't figure out why it won't block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
May 21, 2010
I have set up a virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the VM direct access to the internet, but 1and1 do MAC filtering and so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debian Lenny on the VM on the server using KVM and all went well. I put it on a virtual network 192.168.100.0 and I can access it from the host and I can access the internet from the guest using NAT that libvirt set up.
I bought another IP address from 1and1 with the hope of forwarding packets to the new IP address 11.22.33.02 to the guest VM.
I have tried all sorts of routing rules using iptables without any success.
My virtual network is on virbr1, the guest IP is 192.168.100.50, and my external network device IP is, say, 11.22.33.01 on eth0, with the secondary IP, say, 11.22.33.02 on eth0:1.
Here are the latest rules I tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code].....
Aug 12, 2010
I've noticed recently that a lot of outgoing internet traffic is generated by my laptop (running Ubuntu 10.04 - 64 bit). This wasn't the case previously. I only found out because my wireless broadband traffic allowance suddenly was used up very quickly. I've installed ntop to try to find out where all this traffic is going to.
I did find that there were a very high number (at one stage over 11.000) of active TCP/UDP sessions (see attached screenshot). Although the traffic generated by each is only small (about 100 bits/bytes - not sure what) multiplied by thousands, makes a fair bit of traffic. I wonder if I've got some kind of a virus/bug or do I have a configuration problem with my laptop?
May 6, 2010
I have a need to make a rather odd filter in tcpdump - I would like to capture only those packages on interface eth0 that are outgoing (in other words from IP 192.168.1.1, which is the IP for eth0 in this computer) and don't have src MAC address 11:22:33:44:55:66. However, the following command says that the syntax is wrong:
Code:
tcpdump -n -p -i eth0 src host 192.168.1.1 ether src not 11:22:33:44:55:66
Is this possible? If yes, then what is the correct command?
Nov 21, 2010
My Ubuntu box has 3 interfaces:
eth0 (Internal 192.168.1.0/24)
eth1 (External ISP DHCP)
eth2 (External ISP Static IP)
I need the outgoing traffic to internet for 1 of the internal PCs (192.168.1.10) to only go through eth2
Jun 9, 2010
How could we bcc all outgoing / incoming email through my Sendmail (8.14) Server?
I tried this /etc/procmailrc
:0c
! backupmail@domain.com
But this gets looped and backupmail received multiple emails of each for domain.com while sending locally from one user to another user.
Aug 20, 2010
I just started using Skype and I am having a problem with the incoming/outgoing audio dropping out. The videoconference will start normally, the connection being perfect. The guys on the other end can see me perfectly and can hear me loud and clear for the first say... 10-20 secs, but afterwards the outgoing audio from my part drops off and they cannot hear me anymore. They can still see me. I can still be seen on the other end, and typing and the share screen work perfectly from my part or from their part, but they cannot hear me anymore.
Or there are days when it goes the other way round. The incoming sound would be dropping out. I can still be seen and heard on the other end, and typing and the share screen work perfectly, but I am not able to hear them. I am using Slackware 13.1 on an XFCE desktop installed from the official DVD downloaded from the official site and the sound works perfectly. I have no problem watching videos and hearing the sound in ..... or any other audio-video streaming sites.
May 17, 2011
As a part of migration I am proposing different scenarios to my organization. One which I am asked to prepare is to configure multiple mail servers to handle incoming and outgoing mails. Say I have -[URL], I need to accept mails from [URL] and send mail from [URL].
Feb 12, 2011
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
Apr 4, 2010
a good IPTABLES protocol to reject all incoming ssh traffic except for a single IP or IP range?
Dec 5, 2010
I have set up an openvpn server on Ubuntu via port tcp 443. The server uses a public network and almost all ports are blocked (not 443). So when a client connects to the server, if it sends traffic needing a blocked port, the connection cannot be established, of course. So I'd like to know if it is possible to redirect all incoming traffic on the server to another unblocked port (like 443) to bypass the firewall.
I don't think openvpn offers this possibility, but maybe with Linux it is possible.
Jun 19, 2010
I have trouble getting my new Sweex wireless 300N USB adapter to work. I tried searching in several directions (see closed thread). Further investigation shows, however, that it is caused by the NDISGTK wrapper for Windows drivers. Can anyone tell me whether Sweex is shipping a faulty driver (it is the latest available) or it is a fault in ndisgtk? Or maybe I'm doing something stupid myself, which I do not find completely imaginary. Below is some more detailed information on my findings. I started with the network off and examined the network status:
Quote:
tpeelen@CC-desktop:~$ sudo lshw -C network
*-network DISABLED
description: Ethernet interface
product: RTL8111/8168B PCI Express Gigabit Ethernet controller
[code]....
Feb 22, 2010
What is the easiest way to set up an incoming and outgoing mail server on CentOS? Without using a control panel, such as webmin.