Re: How do I snoop unauthorised traffic
- From: Llanzlan Klazmon <Klazmon@xxxxxxxxxxxxxxxx>
- Date: 13 Sep 2006 13:12:05 +1200
Peter Lowrie <peterlowrie@xxxxxxxxxxxxxxx> wrote in
news:1462842.YJ72qOBedK@xxxxxxxxxxxxxxx:
> One of the Windows 2000 boxes is sending data out of the network to some
> host on the internet. My gateway is Mandrake Linux 8.2 running straight
> iptables.
As others said. That's a pretty old version.
> I've tried tcpdump against the internet facing NIC but the
> data are inconclusive.
Why? tcpdump can capture everything there is to see. Of course if the data
is encrypted then it won't tell you much other than the source/dest IP and
port numbers.
> How do I determine what traffic is leaving the network and determine
> what host it is being sent to,
tcpdump can certainly capture that. If you have difficulty with the output
from tcpdump I suggest you save the data to a file using the -w option.
Then inspect the file using a graphical program like ethereal which can
read tcpdump output files fine.
> then what string do I use in
> the /etc/sysconfig/iptables file to block it?
In the forward chain, add a rule that drops or rejects the packets you
don't like.
Klazmon.
> Thanks
> Peter
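The workflow Klazmon describes above (capture on the gateway, work out which internal host is talking to which external host and port, then drop that flow in the FORWARD chain) as an added example that is not part of the original thread. It parses tcpdump's text summary lines rather than a pcap, so it runs offline on constructed sample output; the LAN prefix 192.168.1., the interface name in the capture comment, and every address in the sample are assumptions for the illustration.

```python
import re
from collections import Counter

# Constructed sample of tcpdump text output (not real captured data).
# It mimics the "IP src.port > dst.port:" summary lines tcpdump prints, e.g.
# from:  tcpdump -ni eth0 -w capture.pcap  (eth0 is an assumed interface;
# the -w file can then be read by ethereal/tcpdump -r as the post suggests).
SAMPLE_TCPDUMP = """\
13:12:05.101 IP 192.168.1.10.1034 > 203.0.113.5.8080: P 1:101(100) ack 1 win 64240
13:12:05.250 IP 192.168.1.10.1034 > 203.0.113.5.8080: P 101:201(100) ack 1 win 64240
13:12:06.002 IP 192.168.1.22.3211 > 198.51.100.9.80: S 0:0(0) win 65535
13:12:06.010 IP 198.51.100.9.80 > 192.168.1.22.3211: S 0:0(0) ack 1 win 5840
13:12:07.330 IP 192.168.1.10.1034 > 203.0.113.5.8080: P 201:301(100) ack 1 win 64240
13:12:08.001 IP 192.168.1.10.1035 > 203.0.113.5.8080: S 0:0(0) win 64240
"""

# Matches "IP a.b.c.d.sport > e.f.g.h.dport:" in a tcpdump summary line.
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

# Assumption: the internal subnet behind the Linux gateway.
LAN_PREFIX = "192.168.1."


def outbound_flows(text):
    """Count packets per (src, dst, dport) for traffic leaving the LAN.

    Replies coming back from the internet (src outside the LAN) are ignored,
    so the counts describe only what internal hosts are sending out.
    """
    flows = Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a packet summary line (or an unexpected format)
        src, _sport, dst, dport = m.groups()
        if src.startswith(LAN_PREFIX) and not dst.startswith(LAN_PREFIX):
            flows[(src, dst, int(dport))] += 1
    return flows


def top_talker(text):
    """Return the (src, dst, dport) outbound flow with the most packets, or None."""
    flows = outbound_flows(text)
    if not flows:
        return None
    (src, dst, dport), _count = flows.most_common(1)[0]
    return src, dst, dport


def forward_drop_rule(src, dst, dport, proto="tcp"):
    """Build the iptables FORWARD rule that drops this flow at the gateway.

    FORWARD is the right chain because the packets transit the gateway rather
    than originating on it, as the reply above points out.
    """
    return (
        f"iptables -A FORWARD -s {src} -d {dst} "
        f"-p {proto} --dport {dport} -j DROP"
    )


if __name__ == "__main__":
    for (src, dst, dport), n in outbound_flows(SAMPLE_TCPDUMP).most_common():
        print(f"{n:4d} packets  {src} -> {dst}:{dport}")
    talker = top_talker(SAMPLE_TCPDUMP)
    if talker:
        print(forward_drop_rule(*talker))
```

Running it on the sample prints the per-flow packet counts and then the rule for the busiest outbound flow. In a real case you would confirm the flow is actually unwanted before adding the rule, and check the result with `iptables -L FORWARD -n -v` so the packet counter on the new rule shows it is matching.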