Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: TCPdump
Special Forums IP Networking TCPdump Post 302951449 by Ultrix on Thursday 6th of August 2015 11:50:35 AM
Old 08-06-2015
But I'm on a switched network, so the network switch will filter out packets not destined for my computer and I will not receive them. I can understand why I would be getting those packets if the network were using a hub, since a hub just broadcasts packets to all hosts, but a switch will only send them to the host they are addressed to.
 

9 More Discussions You Might Find Interesting

1. Programming

How To Use tcpdump

I have two net-card. one is 172.16.24.99(ENG) ,another is 172.16.25.99(ENG-B). Both masks is 255.255.255.0. I will monitor data on the tcp port 8055 in ENG, How do I set option of tcpdump command (2 Replies)
Discussion started by: chenhao_no1
2 Replies

2. UNIX for Dummies Questions & Answers

tcpdump

does anybody know what the -d -dd and -ddd options are used for ? thanks (2 Replies)
Discussion started by: ant04
2 Replies

3. IP Networking

tcpdump question

Hi, I got the following question regarding tcpdump and I would appreciate your help/feedback: --Scenario I am instructed to capture the network traffic by getting the tcpdump data/files of our network for every hour. --Problem Some of the connections are still open when the capture is done... (1 Reply)
Discussion started by: jinsunnyvale
1 Replies

4. Cybersecurity

i would like to know about tcpdump

i would like to know about tcpdump i would like to use tcpdump to get information about these - Date - time - source hostname - source mac address - source ip address - destination ip address - see outbound only then i use command like this tcpdump -i le0 -n -q -tttt -e src net... (0 Replies)
Discussion started by: chamnanpol
0 Replies

5. IP Networking

i would like to know about tcpdump

i would like to know about tcpdump i would like to use tcpdump to get information about these - Date - time - source hostname - source mac address - source ip address - destination ip address - see outbound only then i use command like this tcpdump -i le0 -n -q -tttt -e src net... (2 Replies)
Discussion started by: chamnanpol
2 Replies

6. Linux

Capturing TCPDUMP

Hi, I want to capture TCPDUMP of traffic, I tried doing this but did not find success..can anyone plz correct it. # tcpdump -s0 -vv -w /home/osuresh/test_tcp_dump host 10.12.10.22 && port 161 bash: tcpdump: command not found # tcpdump -s0 -vv -w /home/osuresh/test_tcp_dump host... (5 Replies)
Discussion started by: sureshcisco
5 Replies

7. UNIX for Dummies Questions & Answers

tcpdump -i any does not work

Hi Everyone, anyone face "tcpdump -i any" does not work? i mean if i use -i eth0, can capture eth0, or use -i eth1 also can. but then tcpdump -i any, seems cannot capture packets. :confused: please advice, thanks (2 Replies)
Discussion started by: jimmy_y
2 Replies

8. Shell Programming and Scripting

TCPdump script

I'm new to the Unix/Linux world. I have taken classes and played with a few simple scripts but never had a real world application. Here is my problem. What I need to do is every 15min between 8am and 5pm, run tcpdump -s 2000 -w flowroute-0000.pcap where the "0000" is the current time. ... (4 Replies)
Discussion started by: Nasasdge
4 Replies

9. Debian

Tcpdump Help !

Hi. Need Help with TcpDump Trying to sniff associatio-request with tcpdump but when i run this tcpdump -i eth0 wlan subtype assoc-req i get this error can anyone help me with this error ? Thanks alot !!:) (1 Reply)
Discussion started by: SoulZB
1 Replies

LEARN ABOUT OSF1

ifaccess.conf

ifaccess.conf(4)					     Kernel Interfaces Manual						  ifaccess.conf(4)

NAME

       ifaccess.conf - Interface access filter configuration file

DESCRIPTION

       The  /etc/ifaccess.conf file is an optional system file that specifies access filter entries for network interfaces.  Interface access fil-
       tering provides a mechanism for detecting and preventing IP spoofing attacks. (See CERT Advisory CA-95:01).  The  source  addresses  of	IP
       input packets are checked against interface access filter entries; packets receive the action associated with the first matching entry. The
       /etc/ifaccess.conf file is read by the /usr/sbin/ifconfig command when called with the filter option.

       The /etc/ifaccess.conf file is defined as a Context-Dependent Symbolic Link (CDSL), and must be maintained as such.  See the System  Admin-
       istration manual for more information.

       Lines in /etc/ifaccess.conf may be comment lines beginning with a number sign (#), blank lines, or access filter entries with the following
       format: interface_id address mask action

       In the preceding format: Specifies the network interface for which this entry applies.  Is specified as a hostname,  network  name,  or	an
       Internet  address in the standard dotted-decimal notation.  Specifies which bits of the address are significant.  The mask can be specified
       as a single hexadecimal number beginning with 0x, in the standard Internet dotted-decimal notation, or beginning with a name. The mask con-
       tains 1s (ones) for the bit positions in address that are significant.  Specifies an entry to match packets against.  The following actions
       are allowed: permit, deny, or denylog.  Packets matching an entry with a permit action are passed to higher  levels;  packets  matching	an
       entry  with  a deny action are dropped; packets matching an entry with a denylog action are dropped, with a descriptive message sent to the
       system error logging facility.

       To prevent host spoofing, you must determine which networks are not secure and which interfaces are connected to those networks.  For exam-
       ple,  if  a  host is connected to a secure, trusted network on one interface and to non-trusted (non-secure) network on a second interface,
       you need to add an entry for the non-trusted network interface in the host's ifaccess.conf file.  Interfaces connected to trusted  networks
       do not require an entry in the ifaccess.conf file.

       Use the netstat(1) command to display the current access filters for the interface.

NOTES

       Some  machines  send IP broadcast messages to the alternate all-zeros address instead of the all-ones address. This generates the following
       error: ipintr: IP addr 0.0.0.0 on interface: access denied You should consider this error equivalent to the  following  error:  ipintr:	IP
       addr  255.255.255.255  on interface: access denied Use the tcpdump command to capture and examine the IP packets in order to find out about
       the machine sending them.

RESTRICTIONS

       An interface access filter entry mask must have at least as many significant bits set as the address.

       Interface access filters have an implicit default permit all entry at the end.

       Interface access filter entries are assigned in the order in which they appear in /etc/ifaccess.conf, with packets receiving the action	of
       the first entry that matches.

       At most IFAF_MAXENTRIES access filter entries may be assigned for each network interface. (See the /usr/sys/include/net/if.h file.)

       A  default  deny all entry may be configured by adding an entry similar to the following as the last entry for interface xyz0 in /etc/ifac-
       cess.conf file: xyz0 0.0.0.0 0.0.0.0 deny

       Only address family inet is supported.

EXAMPLES

       The following example shows the ifaccess.conf files for two hosts, Host A and Host B, on a network; trusted is the trusted network.  Host A
       connects to the trusted network via the fza0 interface and connects to an untrusted network, insecure1, via the ln0 interface.

       Host A's ifaccess.conf file includes the following entry: ln0 trusted 255.255.255.0 deny 	 # deny all packets from hosts that
					       # claim they originated from the
					       #  secure  network.   Host B connects to the trusted network via the fza0 interface; connects to an
       untrusted network, insecure1, via the ln0 interface; and connects to another untrusted network, insecure2, via the ln1 interface.  Host B's
       ifaccess.conf file includes the following entries: ln0 trusted 255.255.255.0 deny	  # deny all packets from hosts that
					       # claim they originated from the
					       # secure network.  ln1 trusted 255.255.255.0 deny	  # deny all packets from hosts that
					       # claim they originated from the
					       #  secure  network.   Note that there is no entry in the ifaccess.conf file for the trusted network
       device, fza0.  Only the untrusted network interfaces are configured with ifaccess.conf.

FILES

       Specifies the path name for the file.  Network interface structures header file.  Internet address and version structures header file.

RELATED INFORMATION

       Commands: netstat(1), ifconfig(8), syslogd(8), tcpdump(8).  delim off

																  ifaccess.conf(4)
All times are GMT -4. The time now is 07:57 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy