09-02-2014
Sorry! The first set of numbers is supposed to be 192.168.222.4. More to add would be that 192.168.222.2 is the gateway and DNS of 192.168.222.4.
And yes, there is a port range. I think that's only the case if it can't connect to the server on 10.10.10.250. But the program I need to use eats all traffic that isn't needed.
So in turn it's 10.10.10.250 being the reporting box, 10.10.10.125 being the live connection to the web to hit said reporting box, and 192.168.222.2 being the gateway/DNS server of 192.168.222.4.
192.168.222.4 > 192.168.222.2 > 10.10.10.125 > 10.10.10.250
I say this because the last time I had it working it showed 10.10.10.125 as the address for 192.168.222.4 (I assume that's masquerading) on the reporting box, and in the inetsim config file it says what IP should be used if inetsim will act as a router for certain traffic.
This is a malware traffic analysis box, so it needs to only have this one IP address allowed on this one port so that it can report findings of files run to said box.
The inetsim program also makes its own rules that are pretty annoying. At one point I had it telling me that it was established but wasn't showing activity on the destination server, and now it's back to square one. Let me know if you need more details. Sorry for the typo!
And I have traffic from 10.10.10.250 already accepted; it's from 192.168.222.2 that I can't get routed.
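The forwarding policy the post describes (only the sandbox, only the reporting box, only one port, everything else dropped), written out as an added example that is not part of the original thread. It assumes things the post does not state: the gateway's inside interface is eth1, its upstream interface toward 10.10.10.125 is eth0, and the reporting port is TCP 8080. Rules are generated as text first so they can be reviewed, then fed to a shell with `apply`.

```shell
#!/bin/sh
# Added example, not from the thread: minimal egress policy for the
# 192.168.222.2 gateway. Only the sandbox may reach the reporting box, on one
# port; every other packet the sandbox tries to forward is logged and dropped.
# Assumptions the post does not state: inside interface eth1, upstream
# interface eth0 (toward 10.10.10.125), reporting port TCP 8080.
SANDBOX=192.168.222.4
REPORT_BOX=10.10.10.250
REPORT_PORT=8080
IN_IF=eth1
OUT_IF=eth0

# Emit one iptables invocation per line. Keeping generation separate from
# application lets you read the policy before it touches a live box.
build_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $IN_IF -o $OUT_IF -s $SANDBOX -d $REPORT_BOX -p tcp --dport $REPORT_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $OUT_IF -o $IN_IF -s $REPORT_BOX -d $SANDBOX -p tcp --sport $REPORT_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $IN_IF -j LOG --log-prefix "sandbox-fwd-drop: "
iptables -t nat -A POSTROUTING -o $OUT_IF -s $SANDBOX -d $REPORT_BOX -j MASQUERADE
EOF
}

# Enable forwarding and run each generated line; sh -e stops at the first
# iptables error instead of leaving a half-applied policy.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_rules | sh -e
}

case "${1:-}" in
    apply) apply_rules ;;   # needs root
    *)     build_rules ;;   # dry run: print the policy
esac
```

Two things to check after applying. Traffic from the sandbox to the gateway's own address (its DNS queries and whatever inetsim's fake services answer) goes through INPUT, not FORWARD, so this policy neither allows nor blocks it. INetSim's redirect feature installs its own nat-table rules ahead of this policy, and anything they redirect to the local inetsim services never reaches FORWARD; exclude the reporting port from redirection in inetsim.conf (the redirect_exclude_port setting) and confirm with `iptables -t nat -S`. Dropped attempts show up in the kernel log with the `sandbox-fwd-drop:` prefix, and `iptables -L FORWARD -v -n` shows whether the ACCEPT rule is actually matching.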
IpfilterDlfConverter(3pm) LogReport's Lire Documentation IpfilterDlfConverter(3pm)
NAME
Lire::Firewall::IpfilterDlfConverter - convert ipf (ipmon) logs to firewall DLF
DESCRIPTION
Lire::Firewall::IpfilterDlfConverter converts Ipfilter logs into firewall DLF format. Input for this converter is the standard ipf syslog
log file as produced by ipmon. IP Filter is shipped with FreeBSD, OpenBSD (up to 2.9) and some other OS's.
EXAMPLE
An ipfilter logfile which looks like
Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
Oct 30 07:40:24 rolle ipmon[16747]: 07:40:23.631307 ep1 @0:6 b 192.168.26.5,113 -> 192.168.26.1,3717 PR tcp len 20 40 -AR OUT
Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN
Oct 30 07:44:34 rolle ipmon[16747]: 07:44:33.891869 ie0 @0:10 b 192.168.48.1,23406 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN
Oct 30 07:50:23 rolle ipmon[16747]: 07:50:22.908107 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,4480 - 210.132.100.117,53 PR udp len 20 19712 IN
Oct 30 07:56:11 rolle ipmon[16747]: 07:56:11.113029 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN
(that is: .... 'PR' protocol, 'len' length_of_ip_headers_saved packetlength, direction) will get converted to something like
994398737 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.2 - 56
994398861 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.1 - 56
994398862 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.2 - 56
994406849 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 116
994406850 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 116
994406866 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 98
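The conversion the EXAMPLE section illustrates, as an added example that is not Lire's own converter: an awk filter that turns ipmon syslog lines into the space-separated DLF-style layout shown above (epoch, action, protocol, source, source port, interface, rule, destination, destination port, packet length), with the IN/OUT direction kept as a trailing column. Things the man page does not state and this script assumes: syslog lines carry no year, so the caller passes one and timestamps are treated as UTC; action letter "b" is reported as denied, "p" as accepted, anything else as unknown; the rule column carries the @group:rule token where the page shows LIRE_NOTAVAIL. The sample lines are the page's own records, unwrapped to one line each as ipmon actually writes them.

```shell
#!/bin/sh
# Added example, not Lire's converter: ipmon syslog lines -> DLF-style records,
# one per input line:
#   epoch action proto src_ip src_port iface rule dst_ip dst_port pkt_len dir
# Assumptions: year supplied by the caller, timestamps treated as UTC,
# b=denied / p=accepted / other=unknown, rule column = the @group:rule token.

# Constructed sample: three records from the man page, unwrapped.
sample_ipmon_lines() {
    cat <<'EOF'
Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN
Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN
EOF
}

# usage: ipmon_to_dlf YEAR < ipmon.log
ipmon_to_dlf() {
    awk -v year="$1" '
    # Days since 1970-01-01 for a Gregorian date (the days_from_civil
    # algorithm), so the script does not depend on the gawk-only mktime().
    function days_from_civil(y, m, d,    era, yoe, doy, doe) {
        if (m <= 2) y--
        era = int(y / 400)
        yoe = y - era * 400
        doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
        doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
        return era * 146097 + doe - 719468
    }
    # "ip,port" -> out[1] = ip, out[2] = port; "-" when the token has no
    # port, as for icmp
    function endpoint(tok, out) {
        if (split(tok, out, ",") < 2) out[2] = "-"
    }
    {
        # syslog prefix: month day time host ipmon[pid]: then the ipmon timestamp
        mon = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        split($3, hms, ":")
        epoch = days_from_civil(year, mon, $2) * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]

        i = 7                                  # first token after the ipmon timestamp
        if ($i ~ /^[0-9]+x$/) i++              # optional "Nx" repeat count
        iface = $i; rule = $(i + 1); act = $(i + 2)
        endpoint($(i + 3), src)                # $(i + 4) is "->"
        endpoint($(i + 5), dst)
        proto = $(i + 7)                       # token after "PR"
        plen = $(i + 10)                       # "len" hdr_len pkt_len
        if (act == "b") action = "denied"
        else if (act == "p") action = "accepted"
        else action = "unknown"
        # direction (IN/OUT) is always the last token, even on icmp lines
        # that carry the embedded "for ..." original packet
        print epoch, action, proto, src[1], src[2], iface, rule, dst[1], dst[2], plen, $NF
    }'
}

sample_ipmon_lines | ipmon_to_dlf 2001
```

The field offsets are relative to the token after the ipmon timestamp rather than absolute, because of the optional repeat count ("2x" in the fourth record above); the icmp lines are parsed up to their own packet length, and the embedded original datagram after "for" is left alone, which is also what the page's DLF layout has room for.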
SEE ALSO
ipl(4) for description of log structure.
The ipmon.c source (e.g. on http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ipmon/Attic/ipmon.c?rev=1.27&content-type=text/plain&hideattic=0) for the specification of the log syntax.
The IP Filter webpage on http://coombs.anu.edu.au/~avalon/ip-filter.html
AUTHOR
Joost van Baal <joostvb@logreport.org>, Wessel Dankers <wsl@logreport.org>
VERSION
$Id: IpfilterDlfConverter.pm,v 1.7 2009/03/15 08:10:55 vanbaal Exp $
COPYRIGHT
Copyright (C) 2001-2003 Stichting LogReport Foundation LogReport@LogReport.org
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html.
Lire 2.1.1 2009-03-15 IpfilterDlfConverter(3pm)