Everywhere on the net I see tutorials on how to use tcpdump or snort, but I just don't see a purpose in this. What is the true purpose of using tcpdump or snort? How will it secure my server?
Are there any good tutorials out there that do not only explain how to use a packet sniffer but also what the purpose is?
Why do I need this below?
We can run tcpdump by simply typing:
# tcpdump
Resulting in:
23:29:04.050167 spider.3224 > 66-28-147-032.servercentral.net.6020: . ack 36517 win 16044
23:29:04.059645 66-28-147-032.servercentral.net.6020 > spider.3224: P 36517:37969(1452) ack 1 win 5840 (DF)
23:29:04.092955 daffy.pmatulis.homeunix.net.netbios-ns > 192.168.1.255.netbios-ns: nbt-query-req-bcast
23:29:04.093587 daffy.pmatulis.homeunix.net.netbios-ns > 192.168.1.255.netbios-ns: nbt-query-req-bcast
23:29:04.093836 mudra.pmatulis.homeunix.net.netbios-ns > daffy.pmatulis.homeunix.net.netbios-ns: nbt-query-positive-resp (DF)
23:29:04.095028 mudra.pmatulis.homeunix.net.netbios-ns > daffy.pmatulis.homeunix.net.netbios-ns: nbt-query-positive-resp (DF)
23:29:04.097645 daffy.pmatulis.homeunix.net.netbios-ns > 192.168.1.255.netbios-ns: nbt-registration-req-bcast
23:29:04.098410 mudra.pmatulis.homeunix.net.netbios-ns > daffy.pmatulis.homeunix.net.netbios-ns: nbt-registration-negative-resp (DF)
23:29:04.143267 66-28-147-032.servercentral.net.6020 > spider.3224: P 37969:39421(1452) ack 1 win 5840 (DF)
23:29:04.145122 spider.3224 > 66-28-147-032.servercentral.net.6020: . ack 39421 win 13140
Source: http://www2.papamike.ca:8082/tutorials/pub/tcpdump.html
Thanks for any help.
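The raw tcpdump lines quoted above look like noise until they are turned into a picture of who talks to whom, on which port, and how much. That is the point of a sniffer for a defender: you get ground truth about what is actually on the wire, independent of what the hosts claim. The script below is an added example, not part of the original post or of the linked tutorial. It parses tcpdump's default one-line output format (timestamp, src.port > dst.port: info) using the exact lines from the post as its input, and produces a small summary: packets per destination port, payload bytes pushed per source host, how many packets were broadcasts, and the set of hosts seen. The field names and the summary structure are this example's own choices.

```python
import re
from collections import Counter

# tcpdump default output: "HH:MM:SS.usec src.port > dst.port: info"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)
# TCP payload ranges appear as "first:last(length)" in the info part
SIZE_RE = re.compile(r"\d+:\d+\((\d+)\)")

# Input copied from the tcpdump output quoted in the post.
SAMPLE = """\
23:29:04.050167 spider.3224 > 66-28-147-032.servercentral.net.6020: . ack 36517 win 16044
23:29:04.059645 66-28-147-032.servercentral.net.6020 > spider.3224: P 36517:37969(1452) ack 1 win 5840 (DF)
23:29:04.092955 daffy.pmatulis.homeunix.net.netbios-ns > 192.168.1.255.netbios-ns: nbt-query-req-bcast
23:29:04.093587 daffy.pmatulis.homeunix.net.netbios-ns > 192.168.1.255.netbios-ns: nbt-query-req-bcast
23:29:04.093836 mudra.pmatulis.homeunix.net.netbios-ns > daffy.pmatulis.homeunix.net.netbios-ns: nbt-query-positive-resp (DF)
23:29:04.095028 mudra.pmatulis.homeunix.net.netbios-ns > daffy.pmatulis.homeunix.net.netbios-ns: nbt-query-positive-resp (DF)
23:29:04.097645 daffy.pmatulis.homeunix.net.netbios-ns > 192.168.1.255.netbios-ns: nbt-registration-req-bcast
23:29:04.098410 mudra.pmatulis.homeunix.net.netbios-ns > daffy.pmatulis.homeunix.net.netbios-ns: nbt-registration-negative-resp (DF)
23:29:04.143267 66-28-147-032.servercentral.net.6020 > spider.3224: P 37969:39421(1452) ack 1 win 5840 (DF)
23:29:04.145122 spider.3224 > 66-28-147-032.servercentral.net.6020: . ack 39421 win 13140
"""


def split_endpoint(endpoint):
    """'host.port' -> (host, port); the port is whatever follows the last dot
    (a number or a service name such as 'netbios-ns')."""
    host, port = endpoint.rsplit(".", 1)
    return host, port


def parse_line(line):
    """Parse one tcpdump line into a dict, or return None for lines that do
    not match the expected format (tcpdump also prints warnings and banners)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    size = SIZE_RE.search(m["rest"])
    return {
        "ts": m["ts"],
        "src": src_host, "sport": src_port,
        "dst": dst_host, "dport": dst_port,
        "bytes": int(size.group(1)) if size else 0,
        # Heuristic for a /24 directed broadcast, which fits the sample
        "broadcast": dst_host.endswith(".255"),
        "info": m["rest"],
    }


def summarize(text):
    """Turn a block of tcpdump output into the questions a defender actually
    asks: which ports are in use, who is sending data, and how chatty the LAN is."""
    packets = [p for p in (parse_line(l) for l in text.splitlines()) if p]
    by_dport = Counter(p["dport"] for p in packets)
    bytes_by_src = Counter()
    hosts = set()
    broadcasts = 0
    for p in packets:
        bytes_by_src[p["src"]] += p["bytes"]
        hosts.update((p["src"], p["dst"]))
        broadcasts += p["broadcast"]
    return {
        "packets": len(packets),
        "by_dport": dict(by_dport),
        "bytes_by_src": {h: b for h, b in bytes_by_src.items() if b},
        "hosts": sorted(hosts),
        "broadcasts": broadcasts,
    }


if __name__ == "__main__":
    # Feed it the post's sample; the same code works on "tcpdump -n" output piped in.
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Even on ten lines the summary answers concrete questions: the only host pushing data is the external server on port 6020 (2904 bytes to spider), everything else is NetBIOS name-service chatter, and three packets are LAN broadcasts. Run the same parser over a capture from your own server and anything that does not belong (an unexpected port, a host sending data you cannot explain) stands out in a way the raw lines never would.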