rudyzainal

asked on 

Help with capturing network packet

I run a privileged BNC service (for IRC) and I would like to monitor the contents of my users. For example, I was sent an email by the IRC network asking for evidence in which a user of my BNC service has spammed in the network. I have heard there is a command called 'tcpdump' which is able to listen and log all network data coming to and from any interface. I have tried it and it logs mostly garbage packets which I do not require and uses up a lot of disk space. I would like to know the command to listen to only certain keywords or phrases and log THAT data in, if possible, and if not then what software out there could I use for this purpose?
Linux Networking

liddler

tcpdump has lots of options for narrowing the output down. You can then pipe the output via egrep to match it against certain keywords before writing it to a file; this should reduce the disk space and get rid of lots of the rubbish. Take a look at the tcpdump manpage.
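
The tcpdump-plus-filter approach suggested above, as an added example that is not part of the original thread: a BPF capture filter limits the capture to one client's bouncer connection, and an awk filter keeps only the IRC messages that contain the keywords, each with its packet timestamp. The interface, address, port and function names are assumptions, and payload matching only works on unencrypted connections.

```shell
#!/bin/sh
# Added example. IFACE, USER_IP and BNC_PORT are assumed values; change them.
IFACE="eth0"            # assumption: interface the bouncer listens on
USER_IP="192.0.2.10"    # assumption: monitored user's client address
BNC_PORT="6667"         # assumption: bouncer's plaintext listening port

# BPF capture filter: everything except this one client's bouncer traffic is
# dropped before it is printed, which removes the "garbage" and the disk usage.
capture_filter() {      # usage: capture_filter <client-ip> <port>
    printf 'host %s and tcp port %s' "$1" "$2"
}

# Read `tcpdump -tttt -A` text on stdin and print one line per IRC
# PRIVMSG/NOTICE whose text matches the keyword regex (case-insensitive),
# prefixed with the timestamp and endpoints of the packet that carried it.
match_keywords() {      # usage: match_keywords 'word1|word2'
    awk -v kw="$1" '
        # Packet summary line: date, time, "IP", src, ">", dst
        /^[0-9-]+ [0-9:.]+ IP / {
            dst = $6; sub(/:$/, "", dst)
            hdr = $1 " " $2 " " $4 " > " dst
            next
        }
        # Payload line: header bytes print as dots before the IRC command.
        match($0, /(PRIVMSG|NOTICE) [^ ]+ :.*/) {
            msg = substr($0, RSTART)
            sub(/\r$/, "", msg)
            if (tolower(msg) ~ tolower(kw)) { print hdr, msg; fflush() }
        }'
}

# Live use (root required): append matching messages to a log file.
# -n no DNS lookups, -l line-buffered, -tttt full timestamps,
# -A ASCII payload, -s 0 full packets.
live_capture() {        # usage: live_capture 'word1|word2' /path/to/logfile
    tcpdump -i "$IFACE" -n -l -tttt -A -s 0 \
        "$(capture_filter "$USER_IP" "$BNC_PORT")" |
        match_keywords "$1" >> "$2"
}
```

Only the matching message lines reach the log file, so nothing outside the monitored connection and the keyword list is stored.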
ASKER CERTIFIED SOLUTION
Alf666

givetoprakash

There are some programs to capture the packets and their contents.

If you want those programs, contact me
<email address removed by sirbounty>

owensleftfoot

ngrep http://ngrep.sourceforge.net/ is a program like ordinary grep for searching for regular expressions/phrases but ngrep works on network packets instead of files.
Pablo Allietti

sniffit or ethereal...

They have GUI interfaces to discriminate garbage packets.
rudyzainal

ASKER

liddler
I have read the MAN page but the options are way too vast for me to actually pinpoint for the results I wanted.

Alf666
It IS bad practice, but before they actually are given a bouncer they have to agree on the policies set, which state that all communications to and from the server will be assessed and logged as and when necessary, as in this case whereby this certain user has been accused of breaching. I cannot terminate this user's account due to flamboyant accusations without any proof and as such he was put in (and duly notified of) what's called 'monitor accounts', in which I need this information from here. :)

givetoprakash : your email was removed. You might wish to get in touch with me via email. My email is posted on my profile.

owensleftfoot
Thanks, I'll take a look at it.

pablouruguay
My box is not local, it's located in a datacenter, and as such a GUI isn't that much of an option.
liddler

As Alf666 says, ethereal is an excellent tool; have a look at that.