RE: [cobalt-security] Tracking a connection.
- Subject: RE: [cobalt-security] Tracking a connection.
- From: "Paulick, Jim" <jpaulick@xxxxxxx>
- Date: Mon, 21 Oct 2002 10:13:26 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
You can also just run a tcpdump on the IP address and watch him as he goes in real time, and view the actual data dumped as he/she goes.
Like: /usr/sbin/tcpdump host 1.2.3.4
Or, if you want it in libpcap format: /usr/sbin/tcpdump -s 1518 -w capturefile.enc host 1.2.3.4
(The -s 1518 makes sure that you get all of the data in the packet.)
-jim
-----Original Message-----
From: Terrance Dwyer [mailto:td@xxxxxxxx]
Sent: Monday, October 21, 2002 2:15 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] Tracking a connection.
Thanks Brian, your tip did the trick. So I guess the RAQ's a real
Apache server :)
Terrance Dwyer
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Brian
Reichert
Sent: Sunday, October 20, 2002 8:07 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] Tracking a connection.
On Sat, Oct 19, 2002 at 07:56:17PM -0700, Terrance Dwyer wrote:
> Is there a way to determine, or follow in real-time the "target" of an
> httpd connection. Netstat reports connections to port 80 but I'd like
> to know to which virtual site the ip is connected. I can follow the
> connection via the logs but I'd like to see where the connected ip's
> attentions are directed at any given moment.
If you've built your server with all the bells and whistles, the
server-status module will dump out a fairly comprehensive table
(via HTML) about what's going on.
This describes the module:
<http://httpd.apache.org/docs/mod/mod_status.html>
Among the details it claims to present:
* The current hosts and requests being processed
Mind you, this is for 'real' Apache servers. I can't vouch for
what Cobalt has handed you...
> Thanks
>
>
>
> Terrance Dwyer
--
Brian 'you Bastard' Reichert <reichert@xxxxxxxxxxx>
37 Crystal Ave. #303 Daytime number: (603) 434-6842
Derry NH 03038-1713 USA Intel architecture: the
left-hand path
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
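Added example, not part of the original thread or written by its posters: one way to combine the tcpdump suggestion with the original question is to reduce tcpdump's ASCII output to "client, virtual host, request" lines by reading the Host: header of each request. It assumes a tcpdump that supports -n, -l and -A, IPv4, and unencrypted HTTP on port 80; the function names vhost_watch and sample_capture and the sample capture text are constructed for illustration.

```shell
#!/bin/sh
# Live use (assumed invocation, run as root on the web server):
#   /usr/sbin/tcpdump -n -l -A -s 1518 'host 1.2.3.4 and tcp dst port 80' | vhost_watch

# Read "tcpdump -n -A" text on stdin; print one line per HTTP request:
#   <client ip> <Host header value> <request line>
vhost_watch() {
    awk '
    # Packet summary line: field 3 is "src-ip.src-port"; drop the port.
    $2 == "IP" && $4 == ">" {
        client = $3
        sub(/\.[0-9]+$/, "", client)
        req = ""
    }
    # Remember the most recent request line seen in this packet.
    match($0, /(GET|POST|HEAD|PUT|DELETE|OPTIONS) [^ ]+ HTTP\/1\.[01]/) {
        req = substr($0, RSTART, RLENGTH)
    }
    # The Host header names the virtual site the client asked for.
    tolower($1) == "host:" && client != "" {
        vhost = $2
        sub(/\r$/, "", vhost)
        print client, vhost, req
        client = ""    # report each packet at most once
    }'
}

# Constructed sample of tcpdump -n -A output (not a real capture).
sample_capture() {
    cat <<'EOF'
10:13:26.100001 IP 1.2.3.4.40112 > 10.0.0.5.80: Flags [P.], seq 1:78, ack 1, win 229, length 77: HTTP: GET /index.html HTTP/1.1
E..u..@.@.......P....GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: example

10:13:26.200002 IP 1.2.3.4.40112 > 10.0.0.5.80: Flags [.], ack 512, win 237, length 0
E..4..@.@.......
10:13:27.300003 IP 1.2.3.4.40113 > 10.0.0.5.80: Flags [P.], seq 1:90, ack 1, win 229, length 89: HTTP: POST /cart HTTP/1.1
E.....@.@.......P....POST /cart HTTP/1.1
Host: shop.example.net
Content-Length: 0
EOF
}

sample_capture | vhost_watch
```

Requests split across several packets, or sent over HTTPS, will not show a Host: header in a single packet's ASCII dump and are skipped by this filter.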