Solved

Capture all traffic hitting a linux server?

Posted on 2006-11-25
9
252 Views
Last Modified: 2013-12-16
I have a Linux Redhat Enterprise 4 i686 server; I would like to be able to capture all traffic coming into my server.  For example if someone registered a domain name and then used our dns it would automatically display a default page if someone were to visit the domain.  This is that there is no domain account on the server and the only thing they have doe is used our name servers when they registered the domain!
0
Comment
Question by:GodadoLLC
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 14

Expert Comment

by:ygoutham
Comment Utility
tried ethereal or tethereal which does the same. capture all traffic from various ip addresses???  if it is only http traffic that needs capturing, the same is already available in

/var/log/httpd/httpd.log
/var/log/httpd/error.log

0
 

Author Comment

by:GodadoLLC
Comment Utility
I don not think you understand the question, either that or I just don't understand your answer. :)

If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server.  The domain would come up as an error.  However, I want it to go to a default page.
0
 
LVL 14

Expert Comment

by:ygoutham
Comment Utility
ok. sorry my mistake.  i read "capture all traffic" and took off on a tangent thinking that you want the ip addresses for the domains so registered to track them down.

here goes my second attempt...

why not configure the error page on your server itself as a different page or point it to the default page???  am i making sense here.  look at the /var/www/error (my default location for error pages)
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 4

Expert Comment

by:joshmia2001
Comment Utility
 Iptraf is a great little program that can capture everything, from everyone including NON-IP traffic if you want to get mid-evil.  Or you can set it up with filters to capture on the traffic that you want.  I was a little confused by your question, but I hope that helps.

http://cebu.mozcom.com/riker/iptraf/


  Joshua McDowell
0
 

Author Comment

by:GodadoLLC
Comment Utility
I guess, I have not explained my question very well, so I will provide an example:

When you go to a domain registrar, we will use enom.com and you purchase a domain.  The domain automatically comes up with a default page that says "Future home of yourdomain.com"  

However, the registrar has not created a hosting account or prked this domain on their server.  The domain is simply automatically set to use their dns.  However, the new owner of the domain then changes the dns and it goes to the new website.  If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.

I want to be able to do this too, when someone registers a domain and they set the dns for the domain to

ns1.myserversdns.com
ns2.myserversdns.com

I want them to be sent to my default page on my server.
0
 
LVL 4

Expert Comment

by:joshmia2001
Comment Utility
 That shouldn't be a problem, as one has to setup a virtual for each client before they will actually work right?  On the same note, you don't want to eliminate the error 404 for people that have legitimate sites.  So what I would do..
  The first question is, how does your current setup work?  Do you have a bunch of virtual servers?  If you have virtual servers are they setup on cloaked ports?  Or do you have a server for each host, that all use the same dns?  It's been a long time since I have not done any sort of web hosting related things in some time.  I think there was a way to strip what domain the the is being sought out.  I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of >  If you post more information about your setup I can taylor my answer to better fit what you are doing.


Joshua
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
Comment Utility
I think you are getting things confused.  What DNS sever is used as the authoritive sever for the domain has nothing to do with what server will be used for their web sever.

If you are running a DNS sever, in order for somebody to use it as the authoritive for their domain, you must know about it before hand.

If you are also going to host their website, then you also must know about it.  If you know about it you can setup your Apache sever to serve up a "Future home of " page for that domain.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now