find ip address of packets using etheral

dales79 · 01-18-2006, 01:13 PM

Hi

I have to set-up port address translation on my Linux Firewall. After this I need to find the ip address of all outgoing and incoming packets on the outside of the firewall.

I am intending on using ethereal to achieve this. Will ethereal show the internal ip address of the packet, as in 192.168.0.X? Or is there a way to set it so that it shows the ip address that is assigned by the firewall once the packet has passed through the firewall. Obviously the ip address at this statge will be that of the firewalls external interface, but I need to check that this is happening. I also need to be able to show the port number that has been assigned to each packet.

Can someone help me out on this?

Thanks in advance

Sam

Tinkster · 01-18-2006, 01:49 PM

I don't think you'll need ethereal... why don't you just use
a LOG rule within iptables for this?

Cheers,
Tink

dales79 · 01-18-2006, 01:56 PM

you mean something like?
iptables -t filter -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "INPUT: "
iptables -t filter -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "OUTPUT: "

(I got this from another post by gilead)

Tinkster · 01-18-2006, 02:06 PM

Yah, that's it :}

mmhicks · 02-16-2006, 11:34 AM

What does tripwire do?
What does ethereal do?
what does iptables do?
what does snort do?
How do you create an alias for the command ps?