Re: dumping specific ip packet

Hi benjamin,

Try snort. It is mainly an intrusion detection system, but an excellent
sniffer as well. You can configure it to record all traffic from
194.125.250.21 to 192.168.10.94:80.

By using the -d option it will log the payload as well. You will need a rule
like

    log tcp 194.125.250.21 any -> 192.168.10.94/32 80 (msg: "I need this session";session: printable;)

See http://www.snort.org/docs/writing_rules/ and
http://www.snort.org/docs/faq.html for more info.

hth, maarten


> On a webserver I maintain, there is a process trying to connect to another
> external address from time to time. The process must be started by a
> customer's web script but I cannot find it. The communication looks like
> this:
>
> 194.125.250.21:xxxx --> 192.168.10.94:80
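
An added example, not part of the original message and not Snort's own code: a simplified Python model of how the header of the rule above is matched, run on constructed packets. It shows that with "->" only packets from 194.125.250.21 to 192.168.10.94:80 match, while Snort's bidirectional operator "<>" also matches the replies; the function names and the source port 40312 are assumptions.

```python
import ipaddress
import re
# Simplified model: handles "any", plain IPs, CIDR blocks, ports and lo:hi ranges.
HEADER = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\(")

def parse_header(rule):
    m = HEADER.match(rule.strip())
    if m is None:
        raise ValueError("unrecognised rule header: %r" % rule)
    return m.groupdict()

def ip_ok(spec, ip):
    net = None if spec == "any" else ipaddress.ip_network(spec, strict=False)
    return net is None or ipaddress.ip_address(ip) in net

def port_ok(spec, port):
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")      # "80", "1:1024", ":1024", "1024:"
    low = int(lo) if lo else 0
    high = int(hi) if hi else (65535 if sep else low)
    return low <= port <= high

def matches(h, proto, src, sport, dst, dport):
    if proto != h["proto"]:
        return False
    fwd = (ip_ok(h["src"], src) and port_ok(h["sport"], sport)
           and ip_ok(h["dst"], dst) and port_ok(h["dport"], dport))
    rev = (ip_ok(h["src"], dst) and port_ok(h["sport"], dport)
           and ip_ok(h["dst"], src) and port_ok(h["dport"], sport))
    return fwd or (h["dir"] == "<>" and rev)

RULE = ('log tcp 194.125.250.21 any -> 192.168.10.94/32 80 '
        '(msg: "I need this session";session: printable;)')
BIDIR = RULE.replace("->", "<>", 1)       # same rule, both directions

# Constructed packets: (proto, src, sport, dst, dport); 40312 is made up.
PACKETS = [
    ("tcp", "194.125.250.21", 40312, "192.168.10.94", 80),  # request
    ("tcp", "192.168.10.94", 80, "194.125.250.21", 40312),  # reply
    ("tcp", "10.0.0.5", 40312, "192.168.10.94", 80),        # other host
]

def logged(rule):
    return [matches(parse_header(rule), *p) for p in PACKETS]

if __name__ == "__main__":
    print("->", logged(RULE), "<>", logged(BIDIR))
```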


