RE: Slickest way to capture all packets inbound and outbound for a specific IP address, or range?
From: Michael LaSalvia (mike_at_genxweb.net)
Date: 09/06/03
- Previous message: Tomas Wolf: "Re: ICMP (Ping)"
- In reply to: Mark G. Spencer: "Slickest way to capture all packets inbound and outbound for a specific IP address, or range?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Mark G. Spencer'" <mspencer@evidentdata.com>, <security-basics@securityfocus.com>
Date: Sat, 6 Sep 2003 14:13:35 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You could run snort in tcpdump mode, then do a tcpdump on the snort log
with the options tcpdump -eXvvr log.file src ip and host ip, or you can
use a port #.
Ex: tcpdump -eXvvr 090503snort.log src 192.168.1.1 and host 192.168.2.1 and port 135
Hope that helps a bit. It is just a small example; look into it, there
is a lot you can do with it.
- -----Original Message-----
From: Mark G. Spencer [mailto:mspencer@evidentdata.com]
Sent: Friday, September 05, 2003 11:52 AM
To: security-basics@securityfocus.com
Subject: Slickest way to capture all packets inbound and outbound for a specific IP address, or range?
I'm curious what the best way would be to capture all packets inbound
or outbound for a specific IP address or range of IP addresses. The
scenario would be this ..
I suspect an IP address of being involved in an intrusion into an
application on my network. The relevant system has been patched, but I
would still like to capture the full packets for any inbound and
outbound activity for that IP address on a machine outside of my firewall.
Would Snort be a good way to do this, or is there a quicker/slimmer
solution?
Thanks!
Mark
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBP1ojz3AnVb+gRdsVEQIG0ACghKN4dKXRX8HET3w9JtPjrVoJdEAAn2MZ
/zzmp8FCzcIxj0iev99ZacWF
=9tmy
-----END PGP SIGNATURE-----
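The reply above describes the two-step approach: write raw packets to a log file, then read it back with a filter that selects one address (or a range, or a port). The example below is an added illustration, not code from the thread or from snort/tcpdump: it builds a small constructed capture in pcap format with Python's standard library, then reads it back applying the same selection semantics as tcpdump's `host X`, `net X/N` and `port N` primitives. It also makes the direction point visible: a `host`/`net` selector matches a packet if either endpoint is in the range, so it returns both the inbound and the outbound half of a conversation, whereas `src` alone would keep only one direction. All addresses and packets are constructed sample data.

```python
"""Filter a pcap by IP host or CIDR range, both directions (added example)."""
import ipaddress
import os
import struct
import tempfile

# pcap global header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype 1 (Ethernet)
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def build_frame(src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame: 14 + 20 + 20 bytes, no payload, zero checksums."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp


def write_pcap(path, frames):
    """Write frames with a classic little-endian pcap record header (ts_sec, ts_usec, incl, orig)."""
    with open(path, "wb") as f:
        f.write(PCAP_GLOBAL)
        for i, fr in enumerate(frames):
            f.write(struct.pack("<IIII", 1000 + i, 0, len(fr), len(fr)))
            f.write(fr)


def read_pcap(path):
    """Yield raw frames from a little-endian pcap file (the layout written above)."""
    with open(path, "rb") as f:
        magic = struct.unpack("<I", f.read(24)[:4])[0]
        if magic != 0xA1B2C3D4:
            raise ValueError("unsupported pcap magic")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                return
            _, _, incl_len, _ = struct.unpack("<IIII", rec)
            yield f.read(incl_len)


def parse_ipv4(frame):
    """Return (src, dst, proto, sport, dport) for an IPv4 frame, or None otherwise."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ipaddress.IPv4Address(frame[26:30])
    dst = ipaddress.IPv4Address(frame[30:34])
    sport = dport = None
    if proto in (6, 17) and len(frame) >= 14 + ihl + 4:  # TCP or UDP: ports follow the IP header
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, proto, sport, dport


def match(pkt, selector, port=None):
    """Same semantics as `host X` / `net X/N` (+ `port N`): either endpoint may match."""
    net = ipaddress.ip_network(selector, strict=False)
    src, dst, _, sport, dport = pkt
    if src not in net and dst not in net:
        return False
    if port is not None and port not in (sport, dport):
        return False
    return True


def filter_pcap(path, selector, port=None):
    """Read a capture back and keep (src, dst, sport, dport) of every matching packet."""
    out = []
    for frame in read_pcap(path):
        pkt = parse_ipv4(frame)
        if pkt and match(pkt, selector, port):
            out.append((str(pkt[0]), str(pkt[1]), pkt[3], pkt[4]))
    return out


SAMPLE = [  # constructed traffic: a suspect host talking both ways, plus unrelated noise
    build_frame("203.0.113.7", "192.168.2.1", 40000, 135),  # inbound from suspect
    build_frame("192.168.2.1", "203.0.113.7", 135, 40000),  # outbound reply
    build_frame("203.0.113.9", "192.168.2.1", 40001, 445),  # neighbour in the same /24
    build_frame("198.51.100.5", "192.168.2.1", 40002, 80),  # unrelated
]


def demo():
    """Write the sample capture, then apply a host, host+port, and net selector to it."""
    with tempfile.NamedTemporaryFile(suffix=".pcap", delete=False) as tmp:
        path = tmp.name
    try:
        write_pcap(path, SAMPLE)
        return {
            "host": filter_pcap(path, "203.0.113.7"),
            "host_port": filter_pcap(path, "203.0.113.7", port=135),
            "net": filter_pcap(path, "203.0.113.0/24"),
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    for name, packets in demo().items():
        print(name, packets)
```

Running it shows the `host` selector returning both the inbound and the outbound packet of the suspect conversation, and the `net` selector additionally picking up the neighbouring address in the same /24; the unrelated host never appears.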