Snort can do what you want.
www.snort.org.
Bruno.
----- Original Message -----
From: "Benjamin Stocker" <bstocker@media-plus.ch>
To: <security-discuss@linuxsecurity.com>
Sent: Monday, April 08, 2002 2:55 PM
Subject: dumping specific ip packet
>
>
> Hy,
>
> On a webserver I maintain, there is a process trying to connect to another
> external address from time to time. The process must be started by a
> customer's web script but I cannot find it. The communication looks like
this:
>
> 194.125.250.21:xxxx --> 192.168.10.94:80
>
> My firewall is already blocking it but I would like to see teh content t
> find out who/which script is initiating this communication. Is there a
> tool to filter this packets and dump it's content to a file? I tried
> ettercap but could not get the job done with it.
>
> Many thanks for your help
> Mel
>
>
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
