LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-09-2004, 03:18 PM   #1
linuxboy69
Member
 
Registered: Oct 2003
Distribution: Redhat 9
Posts: 138

Rep: Reputation: 15
Can I use Snort to see what web clients are seeing?


I have snort installed on one of my webservers. When I use snort to log the payload of the packets I just get this:

09/09-12:11:30.437043 192.168.2.22:80 -> 217.30.248.133:2020
TCP TTL:64 TOS:0x0 ID:8028 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6B88740B Ack: 0x940AE9CE Win: 0x1A20 TcpLen: 20
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF 8E 8A 89 78 74 73 .............xts
54 50 4F 88 84 83 74 70 6F 5D 59 58 6C 68 67 67 TPO...tpo]YXlhgg
63 62 76 72 71 98 94 93 8C 88 87 7B 77 76 95 91 cbvrq......{wv..

I may be way off base here but is it possible to see a text output of the webpages that clients are viewing. I would like to do this so I could see if clients are getting any errors when viewing my webpages.

Thanks in advance
 
Old 09-09-2004, 03:39 PM   #2
DrOzz
Senior Member
 
Registered: May 2003
Location: Sydney, Nova Scotia, Canada
Distribution: slackware
Posts: 4,185

Rep: Reputation: 59
not sure about snort, but you could do :
Code:
tail -f /var/log/apache/access.log
and it will show the IP of the user, and what page they change to / viewing.
 
Old 09-09-2004, 04:13 PM   #3
linuxboy69
Member
 
Registered: Oct 2003
Distribution: Redhat 9
Posts: 138

Original Poster
Rep: Reputation: 15
The situation is such that the pages deal mostly with dynamic data so the output of the page can vary greatly between different clients. I need to see not only the pages that are being accessed but if the ouput coming from these pages has any errors. I know that most people would say "why don't you have error checking on your coded pages" and the answer is I do but I would like to do this as another messure of error checking. The more and more I look into this, the more I start to think this might not be possible.

A while back I used Ethereal to view stuff over the network but not sure if it can do what I need.

Any help is greatly appreciated.

Last edited by linuxboy69; 09-09-2004 at 04:30 PM.
 
Old 09-10-2004, 07:04 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
//FWIW this doesn't belong in Linux - Security, more like Linux - General
Since you obviously are a stage beyond looking at server generated errorcodes, what kind of errors are you exactly looking for? Are they purely textual, or are they a mix of say per-ID text, layout, styles 'n such? I mean, if that's the case any sniffer won't do and you'll need something more sophisticated unless you want to ogle output all of the day and all of the night. Not that I can suggest any package for that... except
The situation is such that the pages deal mostly with dynamic data so the output of the page can vary greatly between different clients.
actually using different clients?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Web clients (SSH, TelNet and IRC) Granden General 0 06-27-2005 04:24 AM
Can access web from clients but not server bnemesis Linux - Networking 2 10-03-2004 10:47 PM
Setting up web clients g452 Linux - Networking 10 09-11-2004 01:24 PM
Making Default Web and Mail clients? carlosinfl Linux - Software 0 07-01-2004 05:44 AM
Linux clients cant fully access web server NetAX Linux - Networking 1 06-03-2004 02:00 PM


All times are GMT -5. The time now is 04:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration