Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: enhanced tcpdump is needed
Special Forums IP Networking enhanced tcpdump is needed Post 302085439 by Hitori on Thursday 17th of August 2006 09:56:12 AM
Old 08-17-2006
It's simple to capture packets and store it's headers in BerkeleyDB with secondary dbs etc., but it's a lot of work to make some interface to serach for information in this db
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

C2 or enhanced security

We are using c2 / enhanced security on digital unix. I do not have access to the GUI. I need to get information on login status for users. Specifically I would like to know who has not logged in within the last 6 months. I think I can query the edauth files, but I can't find information on... (4 Replies)
Discussion started by: MizzGail
4 Replies

2. Solaris

Enhanced Password Authentication

Hello; I am moving a customer from Solaris 2.6 to Solaris 2.8. The customer has requested the following two requirements also be implemented: 1. Lock a user account out for X number of days after 3 unsuccessful login attempts. 2. No reuse of the last 5-10 passwords. Also referred to... (1 Reply)
Discussion started by: rambo15
1 Replies

3. UNIX for Advanced & Expert Users

Are there many UNIX server security enhanced products?

for sco, hp, or AIX...... anyway, how can I secure the UNIX system. I knew that CA has it's products for securing the UNIX server system. Please tell me more about other vender, and their products thxs! (0 Replies)
Discussion started by: brookwk
0 Replies

4. Shell Programming and Scripting

enhanced substitution

Dear I have a problem on which I turn araound since hours. Hope you could help me. I have a bash script, which activates with "nohup ./script2 params & " several subscripts. In my main script, I have set lot's of variables, which I would pass into script 2. My idea is now to create a... (3 Replies)
Discussion started by: pramach
3 Replies

5. UNIX for Dummies Questions & Answers

Convergent Enhanced Ethernet

Hi. I guess this my dummy question is for super-gurus. I'm on Red Hat' documentation regarding their RDMA capabilities over "convergent" Ethernet network. I read everything that I could find on inet, wikipedia etc. about the technology itself. I can't figure out, how can I determine if the... (0 Replies)
Discussion started by: newlinuxuser1
0 Replies

6. AIX

Normal VG to Enhanced Concurrent VG

Hi All, I am going to perform some activity in 2Node HA Server(Active/Passive). For that i have to do some pre-requsite (ie., Resource Group VG's should be Enhanced-Concurrent) In my setup, we have two volume groups in one RG. In that one VG is Normal and another is Enhance Concurrent. ... (2 Replies)
Discussion started by: Thala
2 Replies

7. What is on Your Mind?

New Enhanced Forum Features for VIP Members

Dear All, Thank you for your support. As promised I have upgrade features for unix.com forum VIP members as follows: Who's Online Permissions Can View IP Addresses Can View Detailed Location Info for Users Can View Detailed Location Info of Users Who Visit Bad / No Permission... (0 Replies)
Discussion started by: Neo
0 Replies

LEARN ABOUT FREEBSD

if_enc

ENC(4)							   BSD Kernel Interfaces Manual 						    ENC(4)

NAME

     enc -- Encapsulating Interface

SYNOPSIS

     To compile this driver into the kernel, place the following line in your kernel configuration file:

	   device enc

DESCRIPTION

     The enc interface is a software loopback mechanism that allows hosts or firewalls to filter ipsec(4) traffic using any firewall package that
     hooks in via the pfil(9) framework.

     The enc interface allows an administrator to see incoming and outgoing packets before and after they will be or have been processed by
     ipsec(4) via tcpdump(1).

     The ``enc0'' interface inherits all IPsec traffic.  Thus all IPsec traffic can be filtered based on ``enc0'', and all IPsec traffic could be
     seen by invoking tcpdump(1) on the ``enc0'' interface.

     What can be seen with tcpdump(1) and what will be passed on to the firewalls via the pfil(9) framework can be independently controlled using
     the following sysctl(8) variables:

     Name			      Defaults	    Suggested
     net.enc.out.ipsec_bpf_mask       0x00000003    0x00000001
     net.enc.out.ipsec_filter_mask    0x00000001    0x00000001
     net.enc.in.ipsec_bpf_mask	      0x00000001    0x00000002
     net.enc.in.ipsec_filter_mask     0x00000001    0x00000002

     For the incoming path a value of 0x1 means ``before stripping off the outer header'' and 0x2 means ``after stripping off the outer header''.
     For the outgoing path 0x1 means ``with only the inner header'' and 0x2 means ``with outer and inner headers''.

     incoming path					    |------|
     ---- IPsec processing ---- (before) ---- (after) ----> |	   |
							    | Host |
     <--- IPsec processing ---- (after) ----- (before) ---- |	   |
     outgoing path					    |------|

     Most people will want to run with the suggested defaults for ipsec_filter_mask and rely on the security policy database for the outer head-
     ers.

EXAMPLES

     To see the packets the processed via ipsec(4), adjust the sysctl(8) variables according to your need and run:

	   tcpdump -i enc0

SEE ALSO

     tcpdump(1), bpf(4), ipf(4), ipfw(4), ipsec(4), pf(4), tcpdump(8)

BSD
								 November 28, 2007							       BSD
All times are GMT -4. The time now is 11:01 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy