Penetration Testing mailing list archives
Re: Auditing / Logging
From: "Don Parker" <dparker () rigelksecurity com>
Date: Tue, 13 Jan 2004 15:32:42 -0500 (EST)
I would suggest the following bpf filter;

tcpdump -i eth0 -nXvs 0 ip and host xxx.xxx.xxx.xxx -w some_file

This way you will get verbose logging as well as both hex and ascii o/p

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340 fax:613.249.8319
--------------------------------------------

On Jan 13, Steve Shah <sshah () planetoid org> wrote:

On Tue, Jan 13, 2004 at 05:43:21AM -0000, Travis Schack wrote:
When I am testing, I capture all network traffic using TCPdump (in binary) and I use the script command to capture all terminal activity.
Be sure to set the -s option ("snaplen") to zero so that you capture all of the activity. Many people forget this and only capture the headers and a few bytes of the payload itself. Under Linux and a stock ethernet card, you'd want:

tcpdump -i eth0 -s 0 -n -w dumpfile.pcap

If you are doing this on a gateway, you may want to specify some filters so that only your attack network is captured. e.g. if my attack network is 200.100.50.0/24,

tcpdump -i eth0 -s 0 -n -w dumpfile.pcap net 200.100.50.0/24

-Steve

--
Steve Shah sshah () planetoid org - http://www.planetoid.org/
Beating code into submission, one OS at a time...
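Both posters above stress capturing with snaplen zero so the evidence file holds whole packets. The script below is an added example, not code from this thread or from any of its posters: it parses a classic libpcap file (little- or big-endian, microsecond timestamps; pcapng and nanosecond pcap are out of scope) and reports how many records were cut short by the snaplen, so a capture can be checked before it is relied on as an audit log. The `build_pcap` helper and the sample packets exist only to construct test input and mimic what `tcpdump -s N -w` writes; the 65535 value it records for snaplen 0 is tcpdump's convention for "whole packet".

```python
import struct
from typing import Dict, List

# libpcap global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
_GLOBAL_FMT = "IHHiIII"
_PKT_FMT = "IIII"          # ts_sec, ts_usec, incl_len (bytes on disk), orig_len (bytes on the wire)
_MAGIC_LE = 0xA1B2C3D4     # microsecond pcap written by a little-endian host
_MAGIC_BE = 0xD4C3B2A1     # the same magic as it reads when the file is big-endian
LINKTYPE_ETHERNET = 1

# Constructed sample frames: a small ARP-sized frame, a full-MTU frame, a mid-size one.
SAMPLE_PACKETS = [b"\xaa" * 60, b"\xbb" * 1514, b"\xcc" * 96]


def build_pcap(snaplen: int, packets: List[bytes]) -> bytes:
    """Write a little-endian pcap, truncating each packet to snaplen exactly as
    'tcpdump -s <snaplen> -w' would. snaplen 0 means 'whole packet', which tcpdump
    records as 65535 in the file header. Only used here to construct sample input."""
    effective = snaplen if snaplen > 0 else 65535
    out = bytearray(struct.pack("<" + _GLOBAL_FMT, _MAGIC_LE, 2, 4, 0, 0,
                                effective, LINKTYPE_ETHERNET))
    for i, pkt in enumerate(packets):
        captured = pkt[:effective]
        # ts_sec is an arbitrary constructed timestamp; ts_usec left at 0
        out += struct.pack("<" + _PKT_FMT, 1073996400 + i, 0, len(captured), len(pkt))
        out += captured
    return bytes(out)


def audit_pcap(data: bytes) -> Dict[str, int]:
    """Walk every packet record and count those where incl_len < orig_len,
    i.e. bytes that were on the wire but never made it into the file."""
    glen = struct.calcsize("<" + _GLOBAL_FMT)
    plen = struct.calcsize("<" + _PKT_FMT)
    if len(data) < glen:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == _MAGIC_LE:
        endian = "<"
    elif magic == _MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("unrecognised pcap magic 0x%08x (pcapng / nanosecond pcap not handled)" % magic)
    snaplen = struct.unpack_from(endian + _GLOBAL_FMT, data, 0)[5]

    stats = {"snaplen": snaplen, "packets": 0, "truncated": 0, "bytes_lost": 0}
    off = glen
    while off + plen <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + _PKT_FMT, data, off)
        off += plen
        if off + incl_len > len(data):
            raise ValueError("packet record at offset %d runs past end of file" % (off - plen))
        stats["packets"] += 1
        if incl_len < orig_len:
            stats["truncated"] += 1
            stats["bytes_lost"] += orig_len - incl_len
        off += incl_len
    return stats


def is_complete_capture(data: bytes) -> bool:
    """True when no record in the file lost payload to the snaplen."""
    return audit_pcap(data)["truncated"] == 0


if __name__ == "__main__":
    # 68 bytes was tcpdump's old default snaplen; compare it with -s 0
    for snap in (68, 0):
        print("snaplen %d -> %s" % (snap, audit_pcap(build_pcap(snap, SAMPLE_PACKETS))))
```

On a real capture, replace the constructed bytes with the contents of `dumpfile.pcap`; a non-zero `truncated` count means the file cannot be used to reconstruct full sessions and the capture should be redone with `-s 0`.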