Date: Tue, 15 Oct 2002 23:04:52 +0300 (EEST)
From: BigBrother <bigbrother@bonbon.net>
To: questions@FreeBSD.ORG
Subject: Re: monitor ALL connections to ALL ports
Message-ID: <20021015230205.D212-100000@bigb3server.bbcluster.gr>
It sounds to me that you are looking for a Network Intrusion system.

1) try: /usr/ports/security/snort

It has plenty of rules that can help you log whatever u like.

2) Also another possibility is to use

tcpdump host <YOUR_IP> -w <LOGFILE>

which will log all the packets heading for your IP in raw form in the logfile. TCPdump has many switches. The format of the logfile is in libpcap format and there are plenty of parsers of this file [including tcpdump, ethereal, snort]

IMO, try to log ALL connections to ALL ports ONLY if ur box is faster than a PIII, 500MHz, 256 RAM.
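
A capture file written with `tcpdump -w`, as suggested in the message above, can be summarised offline. The following is an added example, not part of the original message: a minimal Python reader for the classic libpcap file layout that counts connection attempts (TCP SYN without ACK) per destination address and port. The function names and the sample capture are constructed for illustration; only Ethernet/IPv4 is handled and IP fragments are not reassembled.

```python
import struct
from collections import Counter

def syn_counts(pcap):
    """Count TCP SYN-without-ACK packets per (dst_ip, dst_port) in a classic pcap file."""
    if len(pcap) < 24:
        raise ValueError("too short for a pcap global header")
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        e = "<"                      # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        e = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated records and anything that is not IPv4 carrying TCP.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # honour the IP header length
        if len(tcp) < 14:
            continue
        if tcp[13] & 0x12 == 0x02:                  # SYN set, ACK clear
            dst = ".".join(map(str, frame[30:34]))
            counts[(dst, struct.unpack("!H", tcp[2:4])[0])] += 1
    return counts

def sample_pcap():
    """Constructed capture: four packets to 198.51.100.7 (documentation addresses)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dport, flags in [(22, 0x02), (22, 0x02), (80, 0x02), (80, 0x10)]:
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = eth + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for (dst, port), n in sorted(syn_counts(sample_pcap()).items()):
        print(f"{dst}:{port}  {n} connection attempt(s)")
```

To run it on a real capture, pass the bytes of the file written by tcpdump to `syn_counts`, for example `syn_counts(open(path, "rb").read())`.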