[olug] System info RE: my ftp question

Mark Martin mmartin at amath.washington.edu
Mon Jan 14 14:46:21 UTC 2002


I haven't been following this thread too closely but I don't recall
seeing this suggestion.  When I was building firewalls at the beginning
of last year, I found it very useful to sniff packets on all of the
relevant interfaces.  That way I knew exactly what packets were trying
to go where and could easily see the errors of my ways.  In doing this,
it is important to use small, controlled test cases so you don't have to
analyze huge floods of packets and to make sure that you have the
sniffer report enough information so you can identify the packets and
their contents.

Snort (www.snort.org) or tcpdump (www.tcpdump.org) are more than
adequate for the task.  Tcpdump might already be on your system or is at
least on the Red Hat 7.1 CDs.  With either tool, you want to see the
header and part of the contents of each packet.  For tcpdump, this means
you want to see as much information as possible.  See the man page for
tcpdump and the man page and README files for snort for more
information.

Just a suggestion,

Mark
-- 
---------------------------------------------------------------------------
Mark A. Martin					Dept of Applied Mathematics
http://www.amath.washington.edu/~mmartin	University of Washington
---------------------------------------------------------------------------
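
One way to run the per-interface captures suggested in the message above, as an added example that is not part of the original post. The interface names, the test host address 192.0.2.10, and the `LOGDIR`, `PORT` and `TCPDUMP` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): one narrowly filtered tcpdump
# capture per firewall interface, each logged to its own file.
# Assumptions: interface names, test host address, and the LOGDIR, PORT and
# TCPDUMP variables are illustrative, not taken from the thread.

TCPDUMP=${TCPDUMP:-tcpdump}     # capture binary (overridable)
LOGDIR=${LOGDIR:-./fw-captures} # one text log per interface goes here
PORT=${PORT:-}                  # optional: 21 limits to the FTP control channel

# BPF filter for a small, controlled test case: traffic to or from one test
# host only, optionally narrowed to a single TCP port.
capture_filter() {
    if [ -n "${2:-}" ]; then
        printf 'host %s and tcp port %s' "$1" "$2"
    else
        printf 'host %s' "$1"
    fi
}

# Start one capture per interface for the given test host, then wait.
#   -n  no name lookups       -e  print the link-level (MAC) header
#   -vv full header decoding  -X  hex and ASCII dump of packet contents
#   -s 256  keep the first 256 bytes of each packet   -l  line-buffered output
run_captures() {
    host=$1; shift
    mkdir -p "$LOGDIR" || return 1
    pids=
    for iface in "$@"; do
        "$TCPDUMP" -i "$iface" -n -e -vv -X -s 256 -l \
            "$(capture_filter "$host" "$PORT")" > "$LOGDIR/$iface.txt" 2>&1 &
        pids="$pids $!"
    done
    # Ctrl-C stops every capture so the per-interface logs can be compared.
    trap 'kill $pids 2>/dev/null' INT TERM
    wait
    trap - INT TERM
}

# Usage (as root): sh fw-sniff.sh 192.0.2.10 eth0 eth1
if [ "$#" -ge 2 ]; then
    run_captures "$@"
fi
```

Comparing the log for the inside interface with the log for the outside interface shows which packets of the test connection the firewall passed, rewrote or dropped.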
