| View previous topic :: View next topic |
| Author |
Message |
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5941
|
 Posted: Sat Nov 22, 2008 7:24 pm Post subject: software to monitor ports activity |
 |
|
I've got a little problem, when my firewall is up I can't connect to samba, when it is down, samba is working, I want to findout which port is the problematic one, I've tried with tcpdump but I get alot of information, I need another program to cross reference the results, can you guys recommend me for logging which ports are been used or asked to be used
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
 |
meal
n00b
Joined: 20 Nov 2006
Posts: 65
Location: Silesia / Poland
|
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5941
|
| Posted: Sat Nov 22, 2008 8:17 pm Post subject: |
|
|
| meal wrote: | Have you allowed traffic on this port?
135 137 138 139 and 445 |
yes, here are my rules for these ports:
| Code: |
/sbin/iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport 135 -d $host -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p udp -m state --state NEW --dport 137:139 -d $host -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport 137:139 -d $host -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport 426 -d $host -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport 445 -d $host -j ACCEPT
|
$hosts is a bunch of region addresses that I can be, I thought in switching them to 127.0.0.1 but I'm not sure if it will work
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
meal
n00b
Joined: 20 Nov 2006
Posts: 65
Location: Silesia / Poland
|
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5941
|
| Posted: Sat Nov 22, 2008 9:18 pm Post subject: |
|
|
| meal wrote: | | IIRC the "-d" argument must be a ip adresses class like 192.168.0.0/24 or specific address. |
it does, still, can you recommend a program?
OT: replacing 127.0.0.1 with all the address regions will work?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
meal
n00b
Joined: 20 Nov 2006
Posts: 65
Location: Silesia / Poland
|
| Posted: Sat Nov 22, 2008 9:57 pm Post subject: |
|
|
127.0.0.1 wont allow you to connect from local network, cause it will open ports only on lo interface
You can use nmap from other computer and scan your machine [;
_________________
http://www.mkozak.pl
http://blog.mkozak.pl |
|
| Back to top |
|
|
|
Networking & Security
