Remote Packet Sniffing

Protecting your Linux box

Post by jargon » Sun Oct 26, 2003 12:34 pm

Is it possible with current stuff like tethereal / tcpdump to monitor packets on a remote machine across the Internet? Perhaps monitoring the remote telnet port.

If so, I would appreciate it if anyone can help me with the tethereal command; I can't seem to get anywhere w/ tethereal.

Thanks,
KH
Tehmasp Chaudhri =-

Post by if » Sun Oct 26, 2003 6:04 pm

Aslam-o-Aliakum,

Brother... your question is not clear... anyway

There are many scenarios on the internet or an intranet or any type of network. I am putting here some tools which are helpful...

Xcat - Ip Monitor
by ComSec at Government Security Forum

This is a handy tool for network testing... if you decide to test your server against DDoS attacks then this tool will monitor your up or down times... keeps an eye on up to 10 servers, PCs, routers, which is a... big plus

If your colleague uses a static IP then you will know when he comes online with this tool... you can set the refresh rate to your needs... also handy if you're under attack and the idiot is not using a proxy.

Could be used in co-ordination with other security tools

I have tested it and it works fine

It's free and only 9KB

Click for Info and Download

Monitor Enterprise Network

To monitor and keep an eye on an enterprise network...

Click for Info and Download

I hope you like them... if these tools can't solve your problem... then please send all the details about the network you want to monitor...
If you find anything which shows my lack of knowledge,
please guide me... thanks
------------------------------------
Aslam-o-Aliakum-Wa-Rahmatullah-Wa-Barakatuhu
------------------------------------
if

Re: Remote Packet Sniffing

Post by lambda » Mon Oct 27, 2003 7:27 pm

ssh root@remote.host tcpdump -np not port 22 ? heh.

sorry, i haven't used tethereal.

another way to do this is to use a managed switch that lets you copy one port's traffic to another port, where your monitoring machine sits. that's a more transparent approach.
lambda
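
An added example, not part of lambda's post or anyone else's in this thread: the ssh-plus-tcpdump approach above, narrowed to one watched port (such as the telnet port from the question) and streamed back as raw pcap to a local tcpdump. The function names, interface and host values are assumptions; the input checks are there because ssh hands the command string to the remote shell, which parses it again.

```shell
#!/bin/sh
# Added example; function names, interface and host values are assumptions.

# Accept only a plain decimal port 1..65535 (no leading zero, no shell text).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# BPF filter: the watched port, minus the SSH session that carries the capture.
build_filter() {    # usage: build_filter WATCH_PORT SSH_PORT
    valid_port "$1" && valid_port "$2" || return 1
    [ "$1" -ne "$2" ] || return 1    # same port would exclude everything
    printf 'tcp port %s and not tcp port %s' "$1" "$2"
}

# Command string for the remote shell. ssh joins its arguments and the remote
# shell parses them again, so the filter is single-quoted and every input is
# restricted to characters that cannot break out of the command.
remote_cmd() {      # usage: remote_cmd IFACE WATCH_PORT SSH_PORT
    case "$1" in
        ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    filter=$(build_filter "$2" "$3") || return 1
    # -U flushes per packet, -s 0 keeps whole packets, -w - writes pcap to stdout
    printf "tcpdump -n -p -U -s 0 -i %s -w - '%s'" "$1" "$filter"
}

# Run the capture remotely and decode the pcap stream locally.
remote_capture() {  # usage: remote_capture USER@HOST IFACE WATCH_PORT [SSH_PORT]
    cmd=$(remote_cmd "$2" "$3" "${4:-22}") || { echo "bad argument" >&2; return 2; }
    ssh -p "${4:-22}" "$1" "$cmd" | tcpdump -n -r -
}

# Example call (constructed values): remote_capture root@remote.host eth0 23
```

Excluding the SSH port matters because each captured packet sent back over the session would otherwise itself be captured, feeding the capture its own traffic.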