From owner-freebsd-questions Mon Jun 15 07:47:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA22425 for freebsd-questions-outgoing; Mon, 15 Jun 1998 07:47:09 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA22417 for ; Mon, 15 Jun 1998 07:47:05 -0700 (PDT) (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE) Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2]) by freefall.freebsd.org (8.8.8/8.8.5) with ESMTP id HAA17749 for ; Mon, 15 Jun 1998 07:46:17 -0700 (PDT) Received: (from kuku@localhost) by gilberto.physik.RWTH-Aachen.DE (8.8.8/8.8.7) id QAA29137 for freebsd-questions@freefall.cdrom.com; Mon, 15 Jun 1998 16:47:10 +0200 (MEST) (envelope-from kuku) Date: Mon, 15 Jun 1998 16:47:10 +0200 (MEST) From: Christoph Kukulies Message-Id: <199806151447.QAA29137@gilberto.physik.RWTH-Aachen.DE> To: freebsd-questions@freefall.cdrom.com Subject: using tcpdump effectively Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG To trace down why some network based X11 sessions are spuriously failing I' trying to use tcpdump. What sporadically happens is that a X session to our Mentor Design Architect running on HP is ceased and the connection breaks (we login via rlogin and start the X client with DISPLAY set to the FreeBSD machine.) When the connection breaks we see something like 'no route to host' Could that be caused by denial of service attacks? What exactly is a denial of service attack? How could I detect it using tcpdump? Are there other tools to trace down such a problem ? -- Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message