On Tue, Feb 05, 2008 at 09:29:30AM -0800, John R Pierce wrote: > Tony Schreiner wrote: >>> assuming you want to log user web browsing traffic, configuring a Squid >>> transparent proxy at your network border would be the best way. its >>> logfiles are quite similar to those of a webserver, so you can use a wide >>> range of log analysis tools. >>> >> To get more specific about what's going on. My network services have >> informed me that the machine is probing other systems at a high rate. An >> infection of some sort. And I'm trying to track down what's going on. > > ah. tcpdump -i ethX tcp port 80 > > (and prepare for a flood of data). > If you decide to use tcpdump at all, maybe just limit to SYN packets as well: tcpdump -n -i ethX 'tcp port 80 and tcp[tcpflags] & tcp-syn != 0' Ray _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: log outbound port 80 connections
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: centos@xxxxxxxxxx
- Subject: Re: log outbound port 80 connections
- From: Ray Van Dolson <rvandolson@xxxxxxxx>
- Date: Tue, 5 Feb 2008 09:34:45 -0800
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <47A89CFA.40906@xxxxxxxxxxxx>
- References: <738EEAE1-79C0-4844-88C9-0FB7D7C1B02A@xxxxxx> <47A899B1.2030605@xxxxxxxxxxxx> <845413EC-19A7-491A-AE86-0829F5C62DAB@xxxxxx> <47A89CFA.40906@xxxxxxxxxxxx>
- User-agent: Mutt/1.5.17 (2007-11-01)
- References:
- log outbound port 80 connections
- From: Tony Schreiner
- Re: log outbound port 80 connections
- From: John R Pierce
- Re: log outbound port 80 connections
- From: Tony Schreiner
- Re: log outbound port 80 connections
- From: John R Pierce
- log outbound port 80 connections
- Prev by Date: Re: log outbound port 80 connections
- Next by Date: RE: Removing a disc from a software mirror
- Previous by thread: Re: log outbound port 80 connections
- Next by thread: Re: log outbound port 80 connections
- Index(es):
 |