smileycap (n00b)
Joined: 29 Jul 2004 Posts: 2
Posted: Thu Jul 29, 2004 7:36 pm Post subject: Monitoring certain Hosts
What I want to be able to do is monitor any and all types of incoming and outgoing connections of a host/IP. What programs will allow me to do this? Any help is greatly appreciated.
db_404 (Guru)
Joined: 05 Dec 2002 Posts: 336
Posted: Thu Jul 29, 2004 7:56 pm
If it's a host on your subnet then ettercap and a packet analysis/dump tool (e.g. ethereal, tcpdump, netcat, etc.).
If it's not a host on your subnet then, erm, no you can't.
smileycap (n00b)
Joined: 29 Jul 2004 Posts: 2
Posted: Thu Jul 29, 2004 8:07 pm
Ahh, I didn't ask my question correctly. What I want to do is log incoming/outgoing data coming from/going to certain hosts. How can I do this?
intgr (Apprentice)
Joined: 23 Jun 2004 Posts: 225 Location: Earth, Sol, Milky Way
Posted: Thu Jul 29, 2004 8:28 pm
You might want to try ngrep, it's quite useful if you want to capture only some substrings from the TCP traffic.
Also, ettercap has a nice ncurses UI, and it can perform man-in-the-middle for SSL, but be careful -- you can blow up your LAN if you enable some of its malicious features.
db_404 (Guru)
Joined: 05 Dec 2002 Posts: 336
Posted: Thu Jul 29, 2004 8:32 pm
To log the connections you could use iptables. If you are after the actual data you'll have to use something like ethereal or tcpdump (or even snort). You can set these up to only capture packets to/from the sources you specify.
Ethereal is probably the easiest to use, have a look at http://www.ethereal.com.
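An added example, not code from the thread, following db_404's suggestion of logging connections with iptables: a small Python script that parses the kernel's iptables LOG lines out of syslog, keeps only those involving the hosts being watched, and summarizes traffic per host, direction, protocol and port, plus new inbound TCP connections (SYN without ACK). The log lines, the `MON-IN:`/`MON-OUT:` prefixes and the addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the format the kernel emits for LOG rules
# such as:  iptables -A INPUT  -s 10.0.0.5 -j LOG --log-prefix "MON-IN: "
#           iptables -A OUTPUT -d 10.0.0.5 -j LOG --log-prefix "MON-OUT: "
SAMPLE_LOG = """\
Jul 29 20:01:11 gw kernel: MON-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=40512 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 29 20:01:12 gw kernel: MON-OUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=40512 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 29 20:01:30 gw kernel: MON-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=UDP SPT=51000 DPT=53 LEN=58
Jul 29 20:01:31 gw kernel: MON-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1235 DF PROTO=TCP SPT=40513 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 29 20:02:00 gw kernel: eth0: link up
"""

def parse_log_line(line):
    """Split one LOG line into KEY=VALUE fields plus bare flags (DF, SYN, ACK); None if not LOG output."""
    _, _, body = line.partition("kernel: ")
    prefix, sep, rest = body.partition("IN=")
    if not sep:
        return None
    fields, flags = {"PREFIX": prefix.strip()}, []
    for tok in ("IN=" + rest).split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val      # a later duplicate (UDP's second LEN) wins
        else:
            flags.append(key)
    fields["FLAGS"] = flags
    return fields

def summarize(log_text, watched_hosts):
    """Count packets per (host, direction, proto, dport) and new inbound TCP connections per (src, dst, dport)."""
    events, new_conns = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        src, dst = f.get("SRC"), f.get("DST")
        if src in watched_hosts:
            host, direction = src, "from"
        elif dst in watched_hosts:
            host, direction = dst, "to"
        else:
            continue           # not about a host we monitor
        proto = f.get("PROTO", "?")
        events[(host, direction, proto, f.get("DPT", "-"))] += 1
        if proto == "TCP" and "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]:
            new_conns[(src, dst, f["DPT"])] += 1
    return events, new_conns
```

Run it against `/var/log/messages` (or wherever your syslog sends kernel messages) once the LOG rules are in place; the same parser works for any `--log-prefix` you choose.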
Jeremy_Z (l33t)
Joined: 05 Apr 2004 Posts: 671 Location: Shanghai
Posted: Thu Jul 29, 2004 9:29 pm
If you want to log the data ethereal could do the trick, but if you want to analyze the data and/or do things according to the data you may have to hack your own perl script.
For example it is very easy to detect a Kazaa user by looking into the packets for the obvious

Code:
```
X-Kazaa-Username: xxxx
X-Kazaa-Network: KaZaA
X-Kazaa-IP: ip:port
X-Kazaa-SupernodeIP: ip:port
```

Then it is not difficult to have your script do some nasty things like modify iptables rules, log, etc.

_________________
"Because two groups of consumers drive the absolute high end of home computing: the gamers and the porn surfers." /.
My gentoo projects, Kelogviewer and a QT4 gui for etc-proposals