Re: How to Log OUTGOING Packets w/ IPCHAINS

From: David (thunderbolt01@netscape.net)
Date: 12/31/02


From: David <thunderbolt01@netscape.net>
Date: Tue, 31 Dec 2002 16:41:59 GMT

Ted Smith wrote:
> Hello. My ISP tells me that my server periodically gets attacked and
> pumps out about 30MB/sec of traffic.. I have bastille and pmfirewall
> running, but those are only logging blocked outgoing packets. How
> would I go about detecting the outgoing packets to figure out what is
> causing this problem? Thanks a lot!

Run "snort" or "tcpdump"

tcpdump -i eth0 -s 1500 -v -n -w /path/to/somefile
   # this will log output to "somefile"

-- 
   Confucius:  He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org
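
Added example, not part of the original post: one way to read the file that the tcpdump command above writes and rank the server's outgoing traffic by destination, protocol and port. The addresses, the function name `top_outbound` and the sample capture are constructed for illustration; it assumes a classic pcap file captured on Ethernet.

```python
import socket
import struct
from collections import Counter

def top_outbound(pcap, local_ip, n=5):
    """Rank (dst_ip, ip_proto, dst_port) by bytes sent from local_ip."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None or len(pcap) < 24 or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(e + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short to hold an IPv4 header, or not IPv4
        if socket.inet_ntoa(frame[26:30]) != local_ip:
            continue  # not sent by this server
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        port = None  # stays None for non-TCP/UDP and for later fragments
        if proto in (6, 17) and frag == 0 and len(frame) >= l4 + 4:
            port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        # orig is the on-the-wire length, so a short snaplen (-s) does not
        # make the byte totals come out too low.
        totals[(socket.inet_ntoa(frame[30:34]), proto, port)] += orig
    return totals.most_common(n)

# Constructed sample capture (documentation addresses, not real traffic).
def _record(src, dst, proto, dport, wire_len):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    data = eth + ip + struct.pack("!HH", 40000, dport) + b"\x00" * 16
    return struct.pack("<IIII", 0, 0, len(data), wire_len) + data

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
          + _record("192.0.2.10", "198.51.100.7", 17, 53, 1400) * 3
          + _record("192.0.2.10", "203.0.113.5", 6, 25, 90)
          + _record("198.51.100.7", "192.0.2.10", 6, 22, 60))

if __name__ == "__main__":
    for (dst, proto, port), nbytes in top_outbound(SAMPLE, "192.0.2.10"):
        print(f"{nbytes:>8} bytes -> {dst} proto={proto} port={port}")
```

For a real capture, pass the bytes of the file written with `-w` and the server's own address as `local_ip`.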

