Re: Port monitoring activity

On Tue, 12 Aug 2003, Jason Dale wrote:

> Hi all, 
> I am looking for a standard run-of-the-mill Linux command
> that functions similarly to '/usr/sbin/mtr' (a network diagnostic
> tool) except that it can monitor how many network packets get sent
> to or from a specific port. For example, I would want to know 
> how much traffic gets sent to and from port 25 on eth0, and how
> many bytes get transferred with each packet. (A nifty way of finding
> out who is sending chompy emails). 
> The command can display a screen, much like mtc, which gets
> updated realtime and/or at set intervals, showing interface/port
> activity levels.
> I don't know if any of you guys have been hit by the 
> W32.Blaster.Worm yet, but the kind of tool I am talking about will 
> be very useful in finding out what ports have 'unusual' amounts 
> of activity.

You might want to look at snort. It is real good at looking for "bad traffic".
It can be a PITA to set up but.....

......Tom		Registered Linux User #14522
tdiehl rogueind com	My current SpamTrap ------->	mtd123 rogueind com

