Capture all traffic hitting a linux server?

Posted on 2006-11-25
Last Modified: 2013-12-16
I have a Linux Redhat Enterprise 4 i686 server; I would like to be able to capture all traffic coming into my server.  For example if someone registered a domain name and then used our dns it would automatically display a default page if someone were to visit the domain.  This is that there is no domain account on the server and the only thing they have doe is used our name servers when they registered the domain!
Question by:GodadoLLC
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 14

Expert Comment

ID: 18018158
tried ethereal or tethereal which does the same. capture all traffic from various ip addresses???  if it is only http traffic that needs capturing, the same is already available in



Author Comment

ID: 18020957
I don not think you understand the question, either that or I just don't understand your answer. :)

If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server.  The domain would come up as an error.  However, I want it to go to a default page.
LVL 14

Expert Comment

ID: 18021072
ok. sorry my mistake.  i read "capture all traffic" and took off on a tangent thinking that you want the ip addresses for the domains so registered to track them down.

here goes my second attempt...

why not configure the error page on your server itself as a different page or point it to the default page???  am i making sense here.  look at the /var/www/error (my default location for error pages)
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 18060345
 Iptraf is a great little program that can capture everything, from everyone including NON-IP traffic if you want to get mid-evil.  Or you can set it up with filters to capture on the traffic that you want.  I was a little confused by your question, but I hope that helps.

  Joshua McDowell

Author Comment

ID: 18062741
I guess, I have not explained my question very well, so I will provide an example:

When you go to a domain registrar, we will use and you purchase a domain.  The domain automatically comes up with a default page that says "Future home of"  

However, the registrar has not created a hosting account or prked this domain on their server.  The domain is simply automatically set to use their dns.  However, the new owner of the domain then changes the dns and it goes to the new website.  If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.

I want to be able to do this too, when someone registers a domain and they set the dns for the domain to

I want them to be sent to my default page on my server.

Expert Comment

ID: 18062771
 That shouldn't be a problem, as one has to setup a virtual for each client before they will actually work right?  On the same note, you don't want to eliminate the error 404 for people that have legitimate sites.  So what I would do..
  The first question is, how does your current setup work?  Do you have a bunch of virtual servers?  If you have virtual servers are they setup on cloaked ports?  Or do you have a server for each host, that all use the same dns?  It's been a long time since I have not done any sort of web hosting related things in some time.  I think there was a way to strip what domain the the is being sought out.  I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of >  If you post more information about your setup I can taylor my answer to better fit what you are doing.

LVL 57

Accepted Solution

giltjr earned 500 total points
ID: 18064282
I think you are getting things confused.  What DNS sever is used as the authoritive sever for the domain has nothing to do with what server will be used for their web sever.

If you are running a DNS sever, in order for somebody to use it as the authoritive for their domain, you must know about it before hand.

If you are also going to host their website, then you also must know about it.  If you know about it you can setup your Apache sever to serve up a "Future home of " page for that domain.

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question