Solved

Help with capturing network packet

Posted on 2004-03-30
8
272 Views
Last Modified: 2010-03-18
I run a privileged BNC service (for IRC) and I would like to monitor the contents of my users. For example, I was sent an email by the IRC network asking for evidence in which a user of my BNC service has spammed in the network. I have heard there is a command called 'tcpdump' which is able to listen and log all network data coming to and from any interface. I have tried it and it logs mostly garbage packets which I do not require and uses up a lot of disk space. I would like to know the command to listen to only certain keywords or phrases and log THAT data in, if possible, and if not then what software out there could I use for this purpose?
Question by:rudyzainal
8 Comments
 
LVL 18

Expert Comment

by:liddler
ID: 10712477
tcpdump has lots of options for narrowing the output down; you can then pipe the output via egrep to match it against certain keywords before writing it to a file. This should reduce the disk space and get rid of lots of the rubbish. Take a look at the tcpdump manpage.
0
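As an added example (not from the thread), this is liddler's tcpdump-to-grep idea made concrete for a headless box: restrict the capture to IRC ports with a BPF filter, decode the payload as ASCII, and keep only lines matching a keyword list together with the tcpdump header line that records the time and the source/destination. The IRC ports, the log path and the tcpdump header-line format are assumptions, not anything the thread states.

```sh
#!/bin/sh
# Added example, not from the thread: keep only IRC traffic whose text
# matches a keyword list, with the tcpdump header line that says who
# sent it and when.
# Assumed: IRC on TCP 6667-6669, log in /var/log/bnc-monitor.log,
# keywords are awk regular expressions (no escaping is done).

# Join the keywords (single words or quoted phrases) into one
# lower-case alternation; match_keywords lowercases each line too.
keyword_regex() {
    regex=""
    for word in "$@"; do
        regex="${regex:+$regex|}$word"
    done
    printf '%s' "$regex" | tr 'A-Z' 'a-z'
}

# Filter `tcpdump -A -l` output read from stdin: tcpdump prints a
# header line (timestamp, src > dst) followed by the packet bytes as
# text. Remember the latest header and emit it only in front of a
# payload line that matches, so each hit is tied to its sender.
match_keywords() {
    awk -v pat="$1" '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ / { hdr = $0; next }
        tolower($0) ~ pat { if (hdr != "") print hdr; print; hdr = "" }
    '
}

# Live use on the server (needs root, no GUI). -n: no DNS lookups,
# -s 0: whole packets (old tcpdump defaults truncate the payload),
# -l: line-buffer for the pipe. Only matching lines reach the log.
monitor_irc() {
    iface=$1; shift
    tcpdump -l -n -s 0 -A -i "$iface" \
        'tcp and (port 6667 or port 6668 or port 6669)' \
        | match_keywords "$(keyword_regex "$@")" \
        | tee -a /var/log/bnc-monitor.log
}

# Example: monitor_irc eth0 cheap pills 'free shell'
```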
 
LVL 9

Accepted Solution

by:Alf666 (earned 50 total points)
ID: 10712499
tcpdump is a network diagnostic tool. It will not log packets content (per design).

For a diagnostic, you can use ethereal or tethereal (the terminal version).

But for doing exactly what you want, you'll have to look inside the hackers section.
It's very bad practice to sniff your users' emails or IRC sessions.
0
 

Expert Comment

by:givetoprakash
ID: 10712596
There are some programs to capture the packets and their contents.

If you want those programs, contact me:
<email address removed by sirbounty>

0
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 10712703
ngrep (http://ngrep.sourceforge.net/) is a program like ordinary grep for searching for regular expressions/phrases, but ngrep works on network packets instead of files.
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 10713060
sniffit or ethereal...

They have GUI interfaces to discriminate garbage packets.
0
 

Author Comment

by:rudyzainal
ID: 10717236
liddler
I have read the man page but the options are way too vast for me to actually pinpoint the results I wanted.

Alf666
It IS bad practice, but before they actually are given a bouncer they have to agree to the policies set, which state that all communications to and from the server will be assessed and logged as and when necessary, as in this case whereby this certain user has been accused of breaching. I cannot terminate this user's account due to flamboyant accusations without any proof, and as such he was put in (and duly notified of) what's called 'monitor accounts', in which I need this information from here. :)

givetoprakash: your email was removed. You might wish to get in touch with me via email. My email is posted on my profile.

owensleftfoot
Thanks, I'll take a look at it.

pablouruguay
My box is not local, it's located in a datacenter, and as such a GUI isn't that much of an option.
0
 
LVL 18

Expert Comment

by:liddler
ID: 10721018
As Alf666 says, ethereal is an excellent tool; have a look at that.
0
