Old 10-21-2004, 05:51 PM   #1
rgarner
LQ Newbie
 
Registered: Oct 2004
Posts: 3

Rep: Reputation: 0
tethereal capture filter??


hi everyone! first post here. anyways, i work for a medium size isp, and i need to sniff the network occasionally for traffic that would do harm to our network. i understand that i will not catch everything, but i have 2 questions.

question 1 - i need to filter out traffic that would do harm to our ethernet network. broadcast traffic is definitely something to look at. but what else would i look for?

question 2 - after i know what kind of traffic i need to sniff, how do i create the filter? can u give an example in tethereal string?

thanks!
 
Old 10-21-2004, 07:05 PM   #2
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
I didn't get u ... exactly ... sniffing on your customer's ??????? or ur isp's network infrastructure???

If it is for the former isn't it illegal???

I might give u some hints depending on ur answer...
 
Old 10-22-2004, 09:55 AM   #3
rgarner
LQ Newbie
 
Registered: Oct 2004
Posts: 3

Original Poster
Rep: Reputation: 0
our isp network infrastructure...
what is so illegal about an ids system that gets rid of unwanted and malicious traffic, especially if this traffic produces dos attacks?
 
Old 10-22-2004, 02:15 PM   #4
jev-bird
Member
 
Registered: Jul 2004
Location: USofA
Distribution: Whatever runs accordingly.
Posts: 200

Rep: Reputation: 30
It's all about the packets baby! Sniff away to your heart's desire, although ethereal won't actually filter the traffic for you. It's just an analyzer. You need none other but a decent packet filter for that. iptables perhaps reading the man page. For an isp though, you'll have to get a bit more extensive than that. And to be honest if you had permission and actually worked for the isp like you say, I don't think you would be asking that question here.

Btw, I think there is a networking section here down the street or so. Good lucker.
 
Old 10-22-2004, 03:46 PM   #5
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
was just curious.. I didn't say IDS is illegal...


http://staff.washington.edu/dittrich/misc/ddos/
http://www.infosyssec.com/infosyssec/secdos1.htm
http://lever.cs.ucla.edu/ddos/prospectus.pdf
http://www.sans.org/dosstep/
http://www.sans.org/dosstep/roadmap.php
 
Old 10-22-2004, 04:23 PM   #6
rgarner
LQ Newbie
 
Registered: Oct 2004
Posts: 3

Original Poster
Rep: Reputation: 0
thank you usual!
 
  

