From owner-freebsd-security Fri Apr 13 7: 3: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gilberto.physik.rwth-aachen.de (gilberto.physik.rwth-aachen.de [137.226.30.2]) by hub.freebsd.org (Postfix) with ESMTP id 06DD837B42C for ; Fri, 13 Apr 2001 07:02:58 -0700 (PDT) (envelope-from kuku@gilberto.physik.rwth-aachen.de)
Received: (from kuku@localhost) by gilberto.physik.rwth-aachen.de (8.11.1/8.9.3) id f3DE2vx32654 for freebsd-security@freebsd.org; Fri, 13 Apr 2001 16:02:57 +0200 (CEST) (envelope-from kuku)
Date: Fri, 13 Apr 2001 16:02:57 +0200 (CEST)
From: Christoph Kukulies
Message-Id: <200104131402.f3DE2vx32654@gilberto.physik.rwth-aachen.de>
To: freebsd-security@freebsd.org
Subject: tcpdump (tutorial?)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I don't know how others experience this: whenever it comes to some suspicion of net intruders or so, I find myself reading tcpdump's man page and scratching my head about the syntax. Once I've learned to form a little script that filters this and that, it's laid away or lost when the storm is over. Next time, same procedure. Uh, oh, what was that tcpdump syntax again to watch that host for incoming and outgoing packets that do not come from our local network and are not on the http port?

Is there a tutorial? Has someone written down some typical 'security' examples?

--
Chris
Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
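The filter asked about in the post above, written out as an added example that is not part of the original message; the host address, local network and interface name are placeholders, and the script only builds the filter and wraps tcpdump around it:

```shell
#!/bin/sh
# Added example (not from the original post). Compose the tcpdump filter
# "traffic of one host with hosts outside our network, excluding HTTP" and
# run tcpdump with it. Host, network and interface below are placeholders.

# Print a BPF filter for packets involving $1 whose other end lies outside
# $2, with port 80 on either side excluded.
build_filter() {
    host="$1"; localnet="$2"
    # Caveat: the obvious "host $host and not net $localnet" matches nothing
    # when $host itself lies inside $localnet, because every packet then
    # has one end in the net. Exclude only packets whose BOTH ends are
    # local; what remains is traffic between $host and the outside world.
    printf '%s' "host $host and not (src net $localnet and dst net $localnet) and not port 80"
}

# Run tcpdump with that filter: -n avoids DNS lookups (which would
# themselves create traffic during an investigation), -i picks the
# interface, -w keeps a pcap so the capture can be re-read later with
# tcpdump -r.
watch_host() {
    iface="$1"; host="$2"; localnet="$3"; outfile="${4:-capture.pcap}"
    tcpdump -n -i "$iface" -w "$outfile" "$(build_filter "$host" "$localnet")"
}

# Usage: ./watch.sh <iface> <host> <localnet/prefix> [outfile.pcap]
if [ "$#" -ge 3 ]; then
    watch_host "$@"
fi
```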