Ubuntu Security :: Tcpdump: Filtering For Packets From A Site With Mulitple Ip Addresses?

Aug 13, 2011

I want to capture all packets from site "www.examplesite.com" so I checked its ip address in an ip address look up and it was 123.456.abc.def.So I set my filter to "dst host 23.456.abc.def"However I then realised that multiple ip address point to ww.examplesite.com, for example say the following ips also go to987.654.321.000111.222.333.444So is there a filter that will automatically capture all traffic going to www.examplesite.com or do I have to go and manually find all it's ip addresses and pass them all to the filter?

View 2 Replies


ADVERTISEMENT

General :: Tcpdump Filtering Remote Interface?

Jan 28, 2011

I'm trying to capture traffic between two machines, A and B. I would like to make sure that the traffic I capture with tcpdump is between eth1 on the local machine and eth0 on the remote machine. As I understand it, the -i flag specifies the local machine interface - but how to set the remote one?

View 3 Replies View Related

General :: Tcpdump Decode Gzip Packets?

Mar 11, 2010

Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).

I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.

View 2 Replies View Related

Networking :: Tcpdump Not Writing Raw Packets With Write Switch?

Nov 21, 2010

I am trying dump some packets using tcpdump and it does not seem to be working.

System is fedora12
TCPDUMP v4.1
Libpcap v1.0
I even rolled my own,
TCPDUMP v4.1.1
libpcap v1.1.1

View 1 Replies View Related

General :: Capture Packets From Multiple Host Through Tcpdump?

Apr 27, 2010

What is the syntax to capture packets from multiple host through tcpdumptcpdump ip host host1|host2|host3|host3

View 3 Replies View Related

General :: Networking - Interface Stops Receiving Packets As Seen By Tcpdump

Mar 30, 2011

I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.

There is an IP configured on eth1.

eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.

The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.

If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.

View 1 Replies View Related

SUSE :: Sniffing With TCPDUMP Or Tshark - Get No Packets Back When Specify A Host To Watch

Nov 23, 2010

If I am sniffing with TCPDUMP or tshark, I have an issue. If I specify a host to watch, I get no packets back, but if I don't specify a host, I get all traffic, including the host traffic I was filtering for the first time. ?? IE: If I: tcpdump -vnnXs 1514 -i bond0 I see all traffic and traffic to x.x.x.x But if I: tcpdump -vnnXs 1514 -i bond0 host x.x.x.x I see no traffic.

View 1 Replies View Related

Fedora Networking :: What Is The Term Used When Your Web Site Is Getting Spammed From Many Different Ip Addresses?

Jan 23, 2011

So what is the term used when your web site is getting spammed from many different ip addresses, hits are minutes apart?

View 14 Replies View Related

Security :: Site-to-site Ouija Board Connection?

Oct 3, 2010

Maybe a site-to-site Ouija board connection.

View 5 Replies View Related

Ubuntu Security :: Running TCPDump In The Background?

Apr 1, 2010

I was wondering how one could set up tcpdump to run in the background, dumping all output to a file until I terminate the process.Here is the dilema... I SSH into the box that will be listening (using tcpdump)...

ssh> sudo tcpdump -i eth0 > dump_file
yadda yadda...

then if I exit my ssh session, tcpdump closes.

If I do a...
ssh> sudo tcpdump -i eth0 > dump_file &
[1] 12938
yadda yadda.

View 7 Replies View Related

Security :: Understanding TCPdump And SSH Security

Jul 10, 2010

I have ssh open to one of my servers on a non-standard port. I have never seen anything to make me believe someone has cracked or even has tried to crack into the machine in the past. However, I was troubleshooting another issues I had and notice entries like this in my tcpdump output:

13:09:22.341390 IP 192.168.1.2.51413 > 190-82-164-231.adsl.tie.cl.10399: UDP, length 67
13:09:22.341427 IP 192.168.1.2.51413 > 95.58.5.15.22439: UDP, length 67
13:09:22.341464 IP 192.168.1.2.51413 > ool-4350a8e7.dyn.optonline.net.56836: UDP, length 67
13:09:22.341499 IP 192.168.1.2.51413 > 80.237.121.2.63878: UDP, length 67
13:09:22.396750 IP ool-4350a8e7.dyn.optonline.net.56836 > 192.168.1.2.51413: UDP, length 58
13:09:22.698354 IP 95.58.5.15.22439 > 192.168.1.2.51413: UDP, length 58

Obviously some of these are IP addresses of people on ISPs. Are these people just scanning ports? I do not see any invalid users in my secure log so I am not too concerned right now. But I am getting a ton of these (above entries) in my tcpdumps, so it is a little scary to think that there is this many people trying to scan my ports and possible attacking me. I am just trying to learn more about security and tcp packets.

View 2 Replies View Related

Security :: Filtering On Same Subnet

Aug 4, 2010

Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as seperating hosts into different subnets (e.g. DMZ and Internal) ?

View 6 Replies View Related

Ubuntu Security :: Iptables: MAC Filtering With A File?

Jul 2, 2011

I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.

I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.

View 4 Replies View Related

Programming :: Write A Program In C That Can Sniff Packets From Ethernet And Distinguish RTP Packets From Non-RTP Packets?

Aug 30, 2010

i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do

View 9 Replies View Related

Ubuntu Security :: Filtering Connection Strings With Iptables?

Mar 12, 2011

I have several CS servers running on ubuntu server, and sometimes someone is trying to brute server's RCON password with the program called HLBrute. I've found the following rules to prevent such hack attacks, but they don't work What can be wrong in these rules?

Quote:

iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -m limit --limit 1/hour --limit-burst 5 -j LOG --log-prefix " HLBrute_Ataka "
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -j DROP

View 3 Replies View Related

Security :: Tools For Content Filtering In System?

Jun 22, 2009

I have already developed file type filtering functions through squid. Now I want to deal with content filtering aspects... What tools are available there for so in linux?

View 6 Replies View Related

Security :: How To Create IPTables Rule Similar To Tcpdump

Feb 23, 2010

I'm not an iptables expert. Anybody know how to create a rule/chain that will log info similar to what tcpdump -s0 would do?

View 3 Replies View Related

Security :: Make Use Of Snort And Its Packet Filtering/inspection Abilities

Jul 26, 2010

I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stand out, there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.

Now i'm tempted in just going for the latest one, but i'm completely new to snort so perhaps it needs another book like snort for dummies to get started ;-P

View 5 Replies View Related

Ubuntu Security :: Why These Packets Droped By Iptables

Apr 30, 2011

i dont know why packets dropped? and something else what are those numbers for default policy in [] means?this is rules:

Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle

[code]....

View 9 Replies View Related

Ubuntu Security :: Gpg With Different Mail Addresses?

May 14, 2011

possible to use a gpg key registered on a different email account than the account I have linked to evolution. As is now, I have entered the key id into evolution, but it does not decrypt my mails. It does not even ask for a password.simply opens the message and displays a page of code.

View 2 Replies View Related

Red Hat / Fedora :: Running Mulitple Command Through Ssh Not Working?

Aug 19, 2010

I am trying to execute 3 commands stacked together on a remote server. The purpose of the commands are to get the oldest path name, then the filename of the oldest file in that path, and then the date/time of that file.

The command I am running is: stat -c %y $( find -L $( find -L /home/data -depth -maxdepth 6 -mindepth 6 -type d | sort -f | head -1 ) | grep txt | sort -f | head -1 ) This command works fine if I execute it on the command line of the server. However, when I try to use it in a bash script and execute it from one server on the other server using ssh, the command does not work.

Example:

oldest_file=`ssh -l root $IP "stat -c %y $( find -L $( find -L /home/data -depth -maxdepth 6 -mindepth 6 -type d | sort -f | head -1 ) | grep txt | sort -f | head -1 )"`

I don't know why the command will execute if I run it straight on the server but not through ssh. I broke it down to just the 2 Find commands and saw with verbose turned on that the path from the first (innermost) Find is not being passed to the second Find so it is not returning a filename which inevitably makes the Stat command fail.

Also, if there is an easier way to do what I am trying to accomplish without stacking these 3 commands like this, then I welcome those suggestions as well since I am a Linux newbie.

View 4 Replies View Related

Ubuntu Security :: Frequently Received Whois Packets

May 3, 2010

I keep finding packets that appear to be whois on port 44. they appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time) when I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". when I whois it it says:

Quote:

Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?

View 3 Replies View Related

Ubuntu Security :: What IP Addresses To Be Used For Update Servers

Mar 22, 2010

Does anyone know the ubuntu update servers IP addresses. I am trying to fine tune my firewall rules and was unsure of what ip addresses to use for the update servers. I believe they are us.archive.ubuntu.com and security.ubuntu.com. However, I could be wrong.

View 3 Replies View Related

Ubuntu Security :: Anti Malware Filtering Works In Open Dns Works?

Jan 13, 2010

using ubuntu and the corporate edition of open dns? >Im curious to find out how the anti malware filtering works in open dns works.

View 4 Replies View Related

Ubuntu Security :: Something Is Trnsmitting Packets And Grinding Network To A Halt?

Feb 10, 2010

I have a small network with 4 users, a Win2003 server for LAN/security functions, and a Dell Blade server running Ubuntu 8.04.1 which runs as our web server on port 80. I manage the Ubuntu server with Webmin v1.42Yesterday, my users weren't able to access the internet nor were they able to receive mail, etc. and no one could access any of the website hosted on the webserver. However, the internal users could access each other's PCs and internal printers and devices - just nothing outside.

I began to troubleshoot: I could see a lot of activity on the Router/Firewall on the port connected to the Ubuntu server. When I unplugged the server, everyone could immedately connect to the internet. So, the problem was originating with that server.When I logged in to the Ubuntu server using Webmin, I checked System>Running Processes and right at the top of the list was the process:ID Owner CPU Command23184 www-data 98.1% ./s 174.120.164.186 7777When I drilled down on this process it said that the parent process was:/bin/sh -c ./s 174.120.164.186 7777I pressed the Trace Process button and it appears to be sending the following repeatedly:Time System Call Parameters Returnxxxx send 125,0123456789ABCDE,15,0 15So, I manually Killed the process and added a rule to my firewall/router to block an IP range that includes 174:120:164:186

A few hours later the same process stars again in Ubuntu,, effectively plugging up my pipeline to the internet and preventing access to the websites being hosted.It suspect that there is some kind of virus on my Ubuntu machine but have no idea how to locate and destroy it. I am relatively new to the Ubuntu world and would appreciate anyone's help immensely! I just don't know what to do!

View 9 Replies View Related

Ubuntu Security :: UFW Stopped Logging Blocked Packets / Solution For This?

Mar 17, 2010

On April 10, 2010, I upgraded some packages on my Ubuntu 9.04 server. This included an upgrade to "ufw 0.27-0ubuntu2". I rebooted the server, and all appeared to be fine.

Now I've noticed that UFW is not logging blocked packets since that reboot. It used to do this. It is still logging the allowed packets that I've configured it to log.

Here's what a "ufw status verbose" says code...

View 2 Replies View Related

Ubuntu Security :: Odd Port Scanning Results - 646 - Dropping Packets

Jun 6, 2010

I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.

View 5 Replies View Related

Security :: Bypassing ISP Using SSH / Manipulate SSH Packets Between Two Computers?

Sep 1, 2010

I setup a SSH server on my computer on a very high port, so that my brother could surf the web through my computer from Iran, since the majority of websites are filtered there.

Today, he told me he cannot connect to my computer. That's why, I got suspicious that they are doing packet based filtering instead of port. Then I decided to change the port to 433 for https, but one of my friend told me that they just banned https in Iran as well.

I was wondering if there's any way I can manipulate SSH packets between two computers so that my brother's ISP won't figure out he's exchanging SSH packets?

View 2 Replies View Related

Security :: Find Process Which Generates TCP Packets?

Dec 17, 2010

My machine is trying to communicate with another computer. I�ve blocked the traffic with this machine with iptables (input and output traffic), but I want to find the origin of this traffic. There�re 90% of probabilities it�s a trojan, and I want to find it.I have logged the packets with iptables (and then dropped), but with this I don�t know the proccess source.I�ve tried with netstat -o, but I don�t get nothing.How can I see the Process source (i.e. the PID) of this traffic?The traffic are TCP packets, with SYN flagged active (my machine is trying to establish a connection with that IP).

View 9 Replies View Related

Security :: Iptables - Block Bad And Not Related Packets

Jun 8, 2011

My VPS host a mail, blog and web site. So i want to block port i not use. The port that i use is 80,21,2022,443. The other port will be drop. I want to block bad packet and all packet that not related. Can anyone how to write in iptables?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved