Bugtraq: Re: TCP SYN probe detection tool available

Re: TCP SYN probe detection tool available

From: James W. Abendschan <jwa_at_nbs.nau.edu>
Date: Wed, 15 May 1996 18:01:56 -0700

Way back on May 15, 3:25am, Brian Mitchell wrote:
> This is a good idea. I have also written a similar tool, although mine
> logs all syn packets. It uses the libpcap interface. Should compile under
> linux, freebsd, irix, sunos, solaris, etc. It is available at
> http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not
> included with the distribution).

Well, while we're on the subject..

I've written a perl script to do a similar task-- mine logs all SYN
packets (although you can exclude data destined for a particular port;
I exclude port 80 and 113 as they generate so much traffic) as well
as logging portscans.

It requires tcpdump and a little bit of hacking to get it to work
on your particular subnet, but it doesn't chew a lot of CPU time --
unless, of course, someone is doing a portscan :-)

You can find it at http://www.nbs.nau.edu/~jwa/Security/synsniff.tar.gz
Comments/suggestions about how to improve it are welcome.

James

--
James W. Abendschan                                 Email: jwa_at_nbs.nau.edu
UNIX Systems Programmer/Administrator               Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516
Received on May 15 1996