From: mudman
Date: Fri, 13 Apr 2001 20:54:25 -0700 (PDT)
To: Christoph Kukulies
Subject: Re: tcpdump (tutorial?)
In-Reply-To: <200104131402.f3DE2vx32654@gilberto.physik.rwth-aachen.de>
Sender: owner-freebsd-security@FreeBSD.ORG

> Next time same procedure. Uh, oh, what was again this tcpdump syntax
> to watch that host for incoming and outgoing packets that do not
> come from our local network and are not http port.
>
> Is there a tutorial?
>
> Has someone written down some typical 'security' examples?

I also would like to see this. Any good resources, anyone? Especially
not so much syntactical issues as "tricks" that can be done to pin
down troublemakers.