LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-10-2011, 08:38 PM   #16
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0

I thought so. Judging by all of the editing he was doing to previous posts and making them the longest forum post you had ever seen, i was kind of expecting something.

You on the other hand Unix, have been a tremendous help and for that i thank you a ton!
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 03-10-2011, 08:50 PM   #17
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Much thanks for those compliments!
 
Old 03-10-2011, 09:48 PM   #18
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by unixfool View Post
I've reported this thread to an admin. Apparently, someone has a history of trolling.
Thanks for the report. I've moved all the OT posts here.

Hopefully this thread can get back on topic now.

Last edited by win32sux; 03-11-2011 at 10:05 AM.
 
Old 03-11-2011, 01:27 PM   #19
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
Thank you very much Win for bothing moving them, and locking that post! Super thanks!

Now! Back on topic! My friend was telling me that he found a GREAT site for tcpdump. Sadly he forgot to mention the name of that site! Any ideas of one? I have found the man page for it which by the way, is like you said huge!
 
Old 03-11-2011, 01:38 PM   #20
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
Here's an interesting site about tcpdump:
http://danielmiessler.com/study/tcpdump/

To verify, this is for educational purposes ONLY.

Josh
 
2 members found this post helpful.
Old 03-12-2011, 12:38 AM   #21
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769 View Post
Here's an interesting site about tcpdump:
http://danielmiessler.com/study/tcpdump/

To verify, this is for educational purposes ONLY.

Josh
hahah. Funny you should mention that site because yesterday I came across it. Then today my friend was telling me about a site that had a wealth of knowledge on it for tcpdump. He failed to tell me the name of the site so i sent him a message and he told me it was that one haha! I haven't looked into a whole lot but i have a little. Will definitely check it out if two people recommend it. Which they do haha.
 
Old 03-12-2011, 12:50 AM   #22
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
Check out packetstormsecurity on the web, they have lots of information too, just so you know.
 
Old 03-12-2011, 01:00 AM   #23
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by corp769 View Post
Here's an interesting site about tcpdump:
http://danielmiessler.com/study/tcpdump/

To verify, this is for educational purposes ONLY.

Josh
This is a pretty good tutorial/howto/help page for tcpdump. Thanks for sharing!

Oh, and BTW, you aren't going to damage anything with tcpdump...no need for a disclaimer, IMO. On a properly configured system, a normal user won't be able to run it (I believe it'll put the sniffed interface within promisc mode...that would require escalated privs).
 
Old 03-12-2011, 01:03 AM   #24
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
Oh I know but I would rather be safe than sorry, especially with the normally strict rules on LQ.
 
Old 03-12-2011, 03:48 AM   #25
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by unixfool View Post
This is a pretty good tutorial/howto/help page for tcpdump. Thanks for sharing!
Indeed a nice one.


Quote:
Originally Posted by unixfool View Post
Oh, and BTW, you aren't going to damage anything with tcpdump...no need for a disclaimer, IMO.
I know you meant "damaging" in other ways (not the fault of the tool but the intention of the user) but still, from the obvious-PEBCAK-department:
Code:
]# tcpdump -n -i eth1 -w /etc/shadow
. OTOH running
Code:
]# tcpdump -n -i eth1 -w /var/log/tcpdump.pcap
seems innocuous until one day one finds services refuse to run and one can no longer log in (as in filled up /var partition) :-]
 
Old 03-12-2011, 01:05 PM   #26
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by unSpawn View Post

I know you meant "damaging" in other ways (not the fault of the tool but the intention of the user) but still, from the obvious-PEBCAK-department:
Code:
]# tcpdump -n -i eth1 -w /etc/shadow
. OTOH running
Code:
]# tcpdump -n -i eth1 -w /var/log/tcpdump.pcap
seems innocuous until one day one finds services refuse to run and one can no longer log in (as in filled up /var partition) :-]
Haha!

You'd have to be root to run it, though...I see the hash prompt. Or use sudo. Usually people that already have root access or can run it via sudo are trusted enough to have those types of permissions. The only other way would be to crack the system or apply social engineering. I've not heard of people purposely using tcpdump to fill up a drive slice. It can be done, but there are more direct ways of purposely borking a system, IMO. I have heard of coworkers leaving a tcpdump recording session going until the system's drive slice fills, though...these were by accident. These were security engineers who did this...these guys typically have escalated privileges to troubleshoot system errors and such. The 'lessons learned' from those instances were to cap the recording process (collect only 1 gig worth of logs, for instance, which tcpdump will allow you to do, or to create elaborate filters such as only looking for a certain protocol [tcp port 21 to a certain destination, for instance]).

From a malicious user standpoint, its a bit difficult to abuse tcpdump. If you've access to tcpdump, you probably have access to more potentially destructive commands. The combination of destructive potential of certain commands and escalated permissions along with intent can be deadly, but I think intent has the greatest weight in the above cases.
 
1 members found this post helpful.
Old 03-12-2011, 01:10 PM   #27
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
Yeah, I never heard of anyone using tcpdump in a malicious way. I always thought you really couldn't do much, unless you were trying to fill up useless space, like said before.
 
Old 03-12-2011, 02:05 PM   #28
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by unixfool View Post
If you've access to tcpdump, you probably have access to more potentially destructive commands.
True. I did state PEBCAK though but never mind, it appears I'll have to have a look at my humor lexer again. Or avoid attempts at injecting humor altogether. Yeah, that prolly works best for me :-]

I'd say let's get back to the topic.

Last edited by unSpawn; 03-12-2011 at 02:10 PM.
 
1 members found this post helpful.
Old 03-12-2011, 08:47 PM   #29
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
For the snaplen, I've found that the parameter requirements change according to platform... I'll have to check again, but I'd thought that OBSD's parameters were different than Linux's. Of all the options, -s is probably the most crucial, IMO. Without a full view, whatever you're looking for could be missed.

Also, whatever you record in tcpdump can also be viewed via snort (and the reverse also applies).

Last edited by unixfool; 03-12-2011 at 08:50 PM.
 
Old 03-12-2011, 08:48 PM   #30
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by unSpawn View Post
True. I did state PEBCAK though but never mind, it appears I'll have to have a look at my humor lexer again. Or avoid attempts at injecting humor altogether. Yeah, that prolly works best for me :-]

I'd say let's get back to the topic.
Yeah, I caught the humor.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fun stuff I can do with my server? Snouser Debian 3 11-01-2006 10:59 PM
fun dual network stuff FliesLikeABrick Linux - Networking 26 09-13-2005 10:53 PM
Fun stuff we've installed Kroenecker Linux From Scratch 2 10-08-2004 05:03 AM
add your fun quotes and stuff Mattentaart General 16 05-05-2004 04:24 PM
linux fun stuff punt Linux - General 14 08-30-2001 07:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration