Security Basics mailing list archives

Re: Slickest way to capture all packets inbound and outbound for a specific IP address, or range?


From: "Jude Naidoo" <jude007 () jnaidoo fsnet co uk>
Date: Fri, 5 Sep 2003 22:22:26 +0100

Hi

You may want to install Ethereal on that box. Ethereal allows you to
basically do a tcpdump on the NIC. You can even filter the type of traffic
you're looking for.
It's a free app, and has proven to be very useful.

Good luck

Jude
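The tcpdump approach Jude mentions, as an added example that is not part of the original thread: a small POSIX shell script that builds the libpcap capture filter for a single address or a CIDR range and composes the matching tcpdump command with size-based file rotation, so a sensor outside the firewall records full packets in both directions without filling its disk. The interface name, the 203.0.113.x addresses and the output path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes tcpdump/libpcap is
# installed; interface, target address and output path are placeholders.

# Return the BPF filter: "host A" for one address, "net A/len" for a CIDR range.
# Both primitives match source OR destination, so inbound and outbound traffic
# of the suspect address is captured with a single expression.
build_filter() {
    case "$1" in
        */*) printf 'net %s' "$1" ;;
        *)   printf 'host %s' "$1" ;;
    esac
}

# Compose the capture command line. All options are standard tcpdump:
#   -n     no name resolution (lookups would generate traffic from the sensor)
#   -s 0   capture the full packet, not the default short snaplen
#          (tcpdump 3.x does not accept 0; use -s 65535 there)
#   -w     write raw pcap for later analysis in Ethereal / tshark
#   -C/-W  rotate the file at SIZE MB and keep at most COUNT files (ring buffer)
capture_cmd() {
    iface=$1; target=$2; outfile=$3; size_mb=${4:-100}; count=${5:-20}
    printf 'tcpdump -i %s -n -s 0 -w %s -C %s -W %s %s' \
        "$iface" "$outfile" "$size_mb" "$count" "$(build_filter "$target")"
}

# Start a real capture only when invoked with an interface and a target, e.g.
#   sh capture.sh eth0 203.0.113.7 /var/log/pcap/suspect.pcap
# (needs root or CAP_NET_RAW; the output directory must be writable by tcpdump)
if [ $# -ge 2 ]; then
    cmd=$(capture_cmd "$1" "$2" "${3:-suspect.pcap}")
    echo "Running: $cmd"
    # word-splitting is intended here: the filter is passed as separate args
    $cmd
fi
```

With -C and -W, tcpdump appends a sequence number to the output file name and overwrites the oldest file once COUNT is reached.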


----- Original Message ----- 
From: "Mark G. Spencer" <mspencer () evidentdata com>
To: <security-basics () securityfocus com>
Sent: Friday, September 05, 2003 4:51 PM
Subject: Slickest way to capture all packets inbound and outbound for a
specific IP address, or range?


I'm curious what the best way would be to capture all packets inbound or
outbound for a specific IP address or range of IP addresses.  The
scenario would be this:

I suspect an IP address of being involved in an intrusion into an
application on my network.  The relevant system has been patched, but I
would still like to capture the full packets for any inbound and outbound
activity for that IP address on a machine outside of my firewall.

Would Snort be a good way to do this, or is there a quicker/slimmer
solution?

Thanks!

Mark



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6. Visit us: www.blackhat.com
---------------------------------------------------------------------------