Bret Hughes wrote:
On Fri, 2002-11-15 at 12:33, Joseph A Nagy Jr wrote:
Wolfgang Pfeiffer wrote:
please see:
"CERT® Advisory CA-2002-30 Trojan Horse tcpdump and libpcap
Distributions"
http://www.cert.org/advisories/CA-2002-30.html
Hoping it helps
And my apologies if that w
On Fri, 2002-11-15 at 12:33, Joseph A Nagy Jr wrote:
> Wolfgang Pfeiffer wrote:
> > please see:
> > "CERT® Advisory CA-2002-30 Trojan Horse tcpdump and libpcap
> > Distributions"
> > http://www.cert.org/advisories/CA-2002-30.html
> >
> > Hopi
Wolfgang Pfeiffer wrote:
Involved versions:
tcpdump-3.6.2.tar.gz
tcpdump-3.7.1.tar.gz
libpcap-0.7.1.tar.gz
please see:
"CERT® Advisory CA-2002-30 Trojan Horse tcpdump and libpcap
Distributions"
http://www.cert.org/advisories/CA-2002-30.html
Hoping it helps
And my apologies if that w
Involved versions:
tcpdump-3.6.2.tar.gz
tcpdump-3.7.1.tar.gz
libpcap-0.7.1.tar.gz
please see:
"CERT® Advisory CA-2002-30 Trojan Horse tcpdump and libpcap
Distributions"
http://www.cert.org/advisories/CA-2002-30.html
Hoping it helps
And my apologies if that was already written here ..
a rule in the ipchains like:
>>
>> # ipchains -A input -p udp -s 0/0 2002 -d 0.0.0.0/32 2002 j
>DENY
>>
>> 1. do i have to do something else in order for this rule to
>take effect
>> immediately and
>> 2. am i supposed to see the udp traffic STILL if i do
>
>take effect
>> immediately and
>> 2. am i supposed to see the udp traffic STILL if i do
>>
>> #tcpdump port 2002
>>
>> thanks
>>
>>
>Trying to block Slapper, huh?
>
>1.- You don't need to do anything after. It will take effec
02 -d 0.0.0.0/32 2002 j DENY
>
> 1. do i have to do something else in order for this rule to take effect
> immediately and
> 2. am i supposed to see the udp traffic STILL if i do
>
> #tcpdump port 2002
>
> thanks
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTE
ve to do something else in order for this
> rule to take effect
> immediately and
> 2. am i supposed to see the udp traffic STILL if i
> do
>
> #tcpdump port 2002
>
> thanks
effect
> immediately and
> 2. am i supposed to see the udp traffic STILL if i do
>
> #tcpdump port 2002
>
> thanks
>
>
Trying to block Slapper, huh?
1.- You don't need to do anything after. It will take effect immediately.
2.- Apply the rule ALSO for OUTPUT since u
STILL if i do
#tcpdump port 2002
thanks
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
tcpdump -i eth0 not broadcast
On Wed, 11 Apr 2001, Pieter De Wit wrote:
> Hello Guys and Gals,
>
> How do I ignore broadcasts under tcpdump? Also where can I get some more
> info on the file that is used for ignoring traffic from more than one host?
>
> Thanks,
Hello Guys and Gals,
How do I ignore broadcasts under tcpdump? Also where can I get some more
info on the file that is used for ignoring traffic from more than one host?
Thanks,
Pieter De Wit
___
Redhat-list mailing list
[EMAIL PROTECTED]
https
"Joseph R. Erlewein" wrote:
>
> Ok. That's it. You all have convinced me to order this:
>
> http://www.thinkgeek.com/stuff/things/31fb.html
>
ROFLMAO! Too funny Joseph!
Marie A.K.A. Calamity (that's not a handle, it's a description of my
life!)
--
Marie Bennington
ICQ# 4983764
Computers are
Well, I can't say I've enjoyed this thread at all, but would like to add
that I completely agree with Harry regarding using a "handle" in this
environment. Friendships are formed, and this is generally a light-hearted
environment, but nevertheless driven by the need to discuss technical
informatio
]
> Subject: Re: How to Setup Tcpdump to nail x-girlfriend?
>
> "Mikkel L. Ellertson" <[EMAIL PROTECTED]> writes:
>
> [...]
>
> > > >>No need for deep analysis. Your tools aren't up to it anyway.
> > >
> > > Harry, are you t
"Mikkel L. Ellertson" <[EMAIL PROTECTED]> writes:
[...]
> > >>No need for deep analysis. Your tools aren't up to it anyway.
> >
> > Harry, are you telling on yourself? (which might explain #1 above)
> >
> > Look, I made it clear this woman was a witch right from jump street.
> > I've never see
On Sat, 3 Feb 2001, PHD wrote:
> Harry Putnam <[EMAIL PROTECTED]> goes on and on:
>
>
>
> Harry, obviously you're fairly bright, but it's apparent you haven't
> had much experience with women. All I did was ask one stupid question-
> and like my X- and you start with this old fish wife routine.
Harry Putnam <[EMAIL PROTECTED]> goes on and on:
Harry, obviously you're fairly bright, but it's apparent you haven't
had much experience with women. All I did was ask one stupid question-
and like my X- and you start with this old fish wife routine.
>>No need for deep analysis. Your tools
"Joseph R. Erlewein" <[EMAIL PROTECTED]> writes:
> On 3 Feb 2001, Harry Putnam wrote:
> > If you have to stoop for `nitwit' you'll have to go subterranean to
> > find the words I wanted to and should have used to describe the silly
> > and possibly dangerous ideas in your post.
>
> Silly ideas ar
On 3 Feb 2001, Harry Putnam wrote:
> If you have to stoop for `nitwit' you'll have to go subterranean to
> find the words I wanted to and should have used to describe the silly
> and possibly dangerous ideas in your post.
Silly ideas are good. You think inside the box and I'll do the work for you
"Joseph R. Erlewein" <[EMAIL PROTECTED]> writes:
> Thanks for pulling the discussion hard to _that_ direction. I'll not stoop
> to that level.
[...]
> Do you mean "pedophile?"
If you have to stoop for `nitwit' you'll have to go subterranean to
find the words I wanted to and should have used to
get a life.
On Thursday 01 February 2001 19:07, you spewed into the bitstream:
> > For some reason, I cannot find any information on
> setting up a Tcpdump file to scan for keywords.
>
> Also, x-girlfriend is a certified witch and I would
> like to figure out how to i
On 2 Feb 2001, Harry Putnam wrote:
> > I say let people worry about themselves. Screw seatbelt laws. :)
>
> Clearly a `nitwit' heard from.
Thanks for pulling the discussion hard to _that_ direction. I'll not stoop
to that level.
> A drooling pedophile posts here explaining they are a drooling
ow to Setup Tcpdump to nail x-girlfriend?
On Fri, 2 Feb 2001, Michael R. Jinks wrote:
> I may have read wrong, but I think he's trying to intercept mail --
> like, for reading, not for sending to the bit bucket.
>
> If that's the case, then that is most definitely not playi
"Joseph R. Erlewein" <[EMAIL PROTECTED]> writes:
> Oh come now,
> All this "ethical" talk clearly contradicts the basic altruistics of
> qualities demonstrated by current and potential "Bastard Operators From
> Hell." (tm)
[...]
> I say let people worry about themselves. Screw seatbelt laws.
On Fri, 2 Feb 2001, Michael R. Jinks wrote:
> I may have read wrong, but I think he's trying to intercept mail --
> like, for reading, not for sending to the bit bucket.
>
> If that's the case, then that is most definitely not playing fair.
> Network managers, legal departments, and HR managers a
On Fri, 2 Feb 2001, Joseph R. Erlewein wrote:
>
>
> I say let people worry about themselves. Screw seatbelt laws. :)
Well...hehehe, we need more info anyway. Like, did he set up a
local email server for his capital 'X' and now he's wondering
where the spool files are, or, is he talking about
ible moral issues? Sure. Definite ones? Read some web,
there's an argument still going on about that and it's likely to
continue for a while yet.
Want help using tcpdump, less, grep, awk, sed, and so forth? dsniff,
even? Happy to help. (PHD? you still paying attention?) But like
Luke
iminal aspect, so you're not an accessory.
I say let people worry about themselves. Screw seatbelt laws. :)
On Fri, 2 Feb 2001, Michael R. Jinks wrote:
> Date: Fri, 02 Feb 2001 09:50:02 -0600
> From: Michael R. Jinks <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [
lly doing so is the highest of crimes in the networked
world, where privacy is rapidly being eroded from all sides as it is.
Calamity wrote:
>
> PHD wrote:
> >
> > For some reason, I cannot find any information on
> > setting up a Tcpdump file to scan for keywords.
> &g
: : > PHD wrote:
: > > Also, x-girlfriend is a certified witch and I would
: > > like to figure out how to intercept her email.
Does she listen to Godsmack too? Quit stalking and do something productive
:-)
On Fri, 2 Feb 2001, Calamity wrote:
> PHD wrote:
> > Also, x-girlfriend is a certified witch and I would
> > like to figure out how to intercept her email.
Just a side note, unless you own the server that is sending and receiving
the mail for this girl, that is at least somewhat illegal.
And ev
PHD wrote:
>
> For some reason, I cannot find any information on
> setting up a Tcpdump file to scan for keywords.
>
> Also, x-girlfriend is a certified witch and I would
> like to figure out how to intercept her email.
>
> Will Tcpdump work, or is there somethin
Hmmm,
Normally I'd help, but Mother told me to 'nevah git 'volved
in folks' petty squabbles!' *this was punctuated with a rolling
pin*
Sorry, I must 'honour my parents',
LG
On Thu, 1 Feb 2001, PHD wrote:
> For some reason, I cannot find any information
For some reason, I cannot find any information on
setting up a Tcpdump file to scan for keywords.
Also, x-girlfriend is a certified witch and I would
like to figure out how to intercept her email.
Will Tcpdump work, or is there something better?
Idle question that just crossed my mind -- if I wanted to bug Unix
domain socket communications in the same way one can bug IP traffic
using tcpdump, how might I go about it? Is there a dedicated interface
on the kernel that can do it, with maybe a userland utility similar to
tcpdump that reads
James Ervin wrote:
> I have a script that needs to work with tcpdump. This worked prior to
> upgrading from 6.1 to 6.2. Now, even if I set the suid bit on
> /usr/sbin/tcpdump, it still fails to allow a user to run the script. Take
> a look:
>
> [root@kites /]# ls -al /usr/sb
I have verified that tcpdump will run suid in RH 6.1, but will not run suid
in 6.2.
This has broken some of applications that I use and has caused some
consternation in figuring out the problem. If I take the binary from a 6.1
dist. and copy it over, it will run under 6.2.
Any light that
I have a script that needs to work with tcpdump. This worked prior to
upgrading from 6.1 to 6.2. Now, even if I set the suid bit on
/usr/sbin/tcpdump, it still fails to allow a user to run the script. Take
a look:
[root@kites /]# ls -al /usr/sbin/tcpdump
-rwxr-xr-x1 root root
I have a script that needs to work with tcpdump. This worked prior to
upgrading from 6.1 to 6.2. Now, even if I set the suid bit on
/usr/sbin/tcpdump, it still fails to allow a user to run the script. Take
a look:
[root@kites /]# ls -al /usr/sbin/tcpdump
-rwxr-xr-x1 root root
On 10 Aug 2000, Robert Soros wrote:
> > netstat -avnp | grep 3520
>
> but next time it *Probably* won't be on that port, how about grepping for
> 443 instead (that's a pretty good number to use since it will never be
> part of any IP address)
Sure, that'll work. It _might_ return too many lines,
> On Tue, 8 Aug 2000, Wayne Dyer wrote:
>
> > my_machine.org for my machine's name. The traffic is NOT coming from my
> > internal network. Where can I find a listing of the flags FP and R?
> > Any ideas as to what's happening here?
> >
> > 08:21:38.088650 < 10.1.12.50.https > my_machine.org.3
> I noticed some traffic to my system (home system) and captured some with
> tcpdump. This was a quick grab, so I didn't think to do anything other
> than `tcpdump -i eth1`. In the listing below, I've substituted
> my_machine.org for my machine's name. The tr
Gordon Messmer wrote:
> On Tue, 8 Aug 2000, Wayne Dyer wrote:
>
> > my_machine.org for my machine's name. The traffic is NOT coming from my
> > internal network. Where can I find a listing of the flags FP and R?
> > Any ideas as to what's happening here?
> >
> > 08:21:38.088650 < 10.1.12.50.ht
On Tue, 8 Aug 2000, Wayne Dyer wrote:
> my_machine.org for my machine's name. The traffic is NOT coming from my
> internal network. Where can I find a listing of the flags FP and R?
> Any ideas as to what's happening here?
>
> 08:21:38.088650 < 10.1.12.50.https > my_machine.org.3520: FP 119660
I noticed some traffic to my system (home system) and captured some with
tcpdump. This was a quick grab, so I didn't think to do anything other
than `tcpdump -i eth1`. In the listing below, I've substituted
my_machine.org for my machine's name. The traffic is NOT coming f
Reference to the manual page for ifconfig shows a promisc switch, which works.
At 11:50 AM 12/11/99 , you wrote:
>Hi.
>
>My nic is a 3C900B Combo. Running RH 6.1, kernel 2.2.12. When I execute
>tcpdump, I get a "listening on all devices (?)" which I suppose to be the
>
Hi.
My nic is a 3C900B Combo. Running RH 6.1, kernel 2.2.12. When I execute
tcpdump, I get a "listening on all devices (?)" which I suppose to be the
normal message. However, when I run ifconfig, the PROMISC flag does not
show up as being set. I've got the tcpdump man page
Some of the extra information is undoubtedly put there by tcpdump to
describe the frame, e.g., timestamp of receipt being an obvious one. You'd
probably need to look at the source code for tcpdump to get more specific.
I can tell you that a 1500-byte IP frame on ethernet is going to be
I used tcpdump to capture a single IP packet:
tcpdump -c 1 -w data ip
or something like that (don't remember the exact syntax right now). I got a
file called data that was 1554 bytes long. Using od -x, I found the IP
frame and am able to successfully decode it. This accounts for exact
> > software, or possibly just something strange with my ethernet card? Or,
> > if there's a way I could force the machine to "reset" whatever value
> > is causing it to report that it is being sniffed?
>
> ifconfig eth0 -allmulti should shut off promiscuous mode if it is on.
> Maybe try it.
On Mon, 1 Jun 1998, Jason wrote:
> I use a small util called "promisc" which shows whether or not a
...
> sniffer has been detected. On one machine, when I quit using tcpdump,
> the program reports that a sniffer is not detected (which makes sense,
> since it's no lo
I use a small util called "promisc" which shows whether or not a sniffer
is currently in use on a system. Whenever I run statnet, tcpdump, or
anything else which shows raw eth0 in/output, the proggy says that a
sniffer has been detected. On one machine, when I quit using tcpdump,
t
I saw on the list awhile back about using tcpdump as a sniffer. Any docs
on this that someone can point me to? Thanks
Bryan
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To
> There ain't no "almost" to it; tcpdump is the world's most widely-used
> bargain-basement, no-frills-but-boy-does-it-get-the-job-done sniffer.
>
[..cut..]
And the commandline to do this? Which was the whole point of the
person's post to the list. :)
>
There ain't no "almost" to it; tcpdump is the world's most widely-used
bargain-basement, no-frills-but-boy-does-it-get-the-job-done sniffer.
I used it to scare a hacker so bad he started crying, once. Caught him
warning the guy who he'd given his password to, then
A couple weeks ago somebody posted a nice tcpdump command that showed
all network activity. I've lost it.
Can someone repost the tcpdump command that almost makes the linux
box a sniffer?
TIA, fred
Fred Lenk, SysAdmin, CommPower
mailto:[EMAIL PROTECTED]
http://www.commpower.com - Check
Using tcpdump -i ppp-2 I get:
10:12:20.753068 64.6.211.67 > 205.160.77.125: (frag 17680:-27@320) [tos
0x3] (ttl 48, optlen=40[|ip])
10:12:20.773068 64.6.211.38 > 205.160.77.125: (frag 17680:-27@536) [tos
0x3] (ttl 48, bad cksum 4000!, optlen=40[|ip])
10:12:20.813068 64.6.251.82 >