Security Basics mailing list archives
RE: Slickest way to capture all packets inbound and outbound for a specific IP address, or range?
From: "Michael LaSalvia" <mike () genxweb net>
Date: Sat, 6 Sep 2003 14:13:35 -0400
You could run snort in tcpdump mode, then do a tcpdump on the snort log with the options of tcpdump -eXvvr log.file src ip host ip, or you can use port #.

Ex:

tcpdump -eXvvr 090503snort.log src 192.168.1.1 and host 192.168.2.1 and port 135

Hope that helps a bit. It is just a small example; look into it, there is a lot you can do with it.

-----Original Message-----
From: Mark G. Spencer [mailto:mspencer () evidentdata com]
Sent: Friday, September 05, 2003 11:52 AM
To: security-basics () securityfocus com
Subject: Slickest way to capture all packets inbound and outbound for a specific IP address, or range?

I'm curious what the best way would be to capture all packets inbound or outbound for a specific IP address or range of IP addresses?

The scenario would be this .. I suspect an IP address of being involved in an intrusion into an application on my network. The relevant system has been patched, but I would still like to capture the full packets for any inbound and outbound activity for that IP address on a machine outside of my firewall.

Would Snort be a good way to do this, or is there a quicker/slimmer solution?

Thanks!

Mark
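Mark asked for traffic in both directions for one address or a range, and Michael's reply shows a read-side tcpdump filter. The following added example, written for this archive page and not posted by either of them, puts the two halves together in a small POSIX shell script: it builds a BPF expression ("host" or "net" without a src/dst qualifier, so packets in either direction match), refuses malformed targets so nothing unexpected reaches the tcpdump command line, captures to a rotating set of full-packet pcap files, and reads a capture back with the same -e -X -vv flags the reply used. It assumes tcpdump is installed and that the capture function runs with capture privileges; the interface and file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): build a BPF filter for one host or a
# CIDR range and run tcpdump with it. Assumes tcpdump is installed and that
# capture_target runs with capture privileges; interface and file names are
# placeholders chosen for this example.

# bpf_for_target TARGET [PORT]
# TARGET is a single IPv4 address or a CIDR range. "host" and "net" without
# a src/dst qualifier match packets in either direction, which is what the
# original question asked for. Returns 1 on a malformed target or port so a
# stray string never reaches the tcpdump command line.
bpf_for_target() {
    target=$1
    port=$2
    case "$target" in
        ''|*[!0-9./]*) return 1 ;;            # only digits, dots and a slash
        */*/*)         return 1 ;;            # at most one slash (CIDR)
        */*)           filter="net $target" ;;
        *)             filter="host $target" ;;
    esac
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*) return 1 ;;             # port must be numeric
        esac
        filter="$filter and port $port"
    fi
    printf '%s\n' "$filter"
}

# capture_target IFACE TARGET [PORT]
# Writes full packets (-s 0) to a rotating set of pcap files, ten files of
# 100 MB each (-C 100 -W 10), with no name resolution (-nn) so the capture
# box makes no DNS queries of its own while watching a suspect address.
capture_target() {
    iface=$1
    filter=$(bpf_for_target "$2" "$3") || return 1
    outfile="capture-$(echo "$2" | tr '/' '_').pcap"
    tcpdump -i "$iface" -nn -s 0 -C 100 -W 10 -w "$outfile" "$filter"
}

# review_capture FILE TARGET [PORT]
# Reads a saved capture back with the flags the reply used: -e link-layer
# headers, -X hex and ASCII dump, -vv verbose decoding.
review_capture() {
    file=$1
    filter=$(bpf_for_target "$2" "$3") || return 1
    tcpdump -nn -e -X -vv -r "$file" "$filter"
}
```

Usage: `capture_target eth0 192.0.2.0/24` on the machine outside the firewall, then `review_capture capture-192.0.2.0_24.pcap 192.0.2.10 135` to pull out one host and port from the saved files. The filter is validated before use because the target typically comes from an incident ticket or another person's notes, not from a trusted source.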
Current thread:
- Slickest way to capture all packets inbound and outbound for a specific IP address, or range? Mark G. Spencer (Sep 05)
- Re: Slickest way to capture all packets inbound and outbound for a specific IP address, or range? B (Sep 05)
- Re: Slickest way to capture all packets inbound and outbound for a specific IP address, or range? Jude Naidoo (Sep 05)
- Re: Slickest way to capture all packets inbound and outbound for a specific IP address, or range? Christos Gioran (Sep 08)
- RE: Slickest way to capture all packets inbound and outbound for a specific IP address, or range? Michael LaSalvia (Sep 08)