Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Capture all traffic hitting a linux server?

Posted on 2006-11-25
Last Modified: 2013-12-16
I have a Linux Redhat Enterprise 4 i686 server; I would like to be able to capture all traffic coming into my server.  For example if someone registered a domain name and then used our dns it would automatically display a default page if someone were to visit the domain.  This is that there is no domain account on the server and the only thing they have doe is used our name servers when they registered the domain!
Question by:GodadoLLC
  • 2
  • 2
  • 2
  • +1
LVL 14

Expert Comment

ID: 18018158
tried ethereal or tethereal which does the same. capture all traffic from various ip addresses???  if it is only http traffic that needs capturing, the same is already available in



Author Comment

ID: 18020957
I don not think you understand the question, either that or I just don't understand your answer. :)

If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server.  The domain would come up as an error.  However, I want it to go to a default page.
LVL 14

Expert Comment

ID: 18021072
ok. sorry my mistake.  i read "capture all traffic" and took off on a tangent thinking that you want the ip addresses for the domains so registered to track them down.

here goes my second attempt...

why not configure the error page on your server itself as a different page or point it to the default page???  am i making sense here.  look at the /var/www/error (my default location for error pages)
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.


Expert Comment

ID: 18060345
 Iptraf is a great little program that can capture everything, from everyone including NON-IP traffic if you want to get mid-evil.  Or you can set it up with filters to capture on the traffic that you want.  I was a little confused by your question, but I hope that helps.


  Joshua McDowell

Author Comment

ID: 18062741
I guess, I have not explained my question very well, so I will provide an example:

When you go to a domain registrar, we will use enom.com and you purchase a domain.  The domain automatically comes up with a default page that says "Future home of yourdomain.com"  

However, the registrar has not created a hosting account or prked this domain on their server.  The domain is simply automatically set to use their dns.  However, the new owner of the domain then changes the dns and it goes to the new website.  If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.

I want to be able to do this too, when someone registers a domain and they set the dns for the domain to


I want them to be sent to my default page on my server.

Expert Comment

ID: 18062771
 That shouldn't be a problem, as one has to setup a virtual for each client before they will actually work right?  On the same note, you don't want to eliminate the error 404 for people that have legitimate sites.  So what I would do..
  The first question is, how does your current setup work?  Do you have a bunch of virtual servers?  If you have virtual servers are they setup on cloaked ports?  Or do you have a server for each host, that all use the same dns?  It's been a long time since I have not done any sort of web hosting related things in some time.  I think there was a way to strip what domain the the is being sought out.  I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of >  If you post more information about your setup I can taylor my answer to better fit what you are doing.

LVL 57

Accepted Solution

giltjr earned 500 total points
ID: 18064282
I think you are getting things confused.  What DNS sever is used as the authoritive sever for the domain has nothing to do with what server will be used for their web sever.

If you are running a DNS sever, in order for somebody to use it as the authoritive for their domain, you must know about it before hand.

If you are also going to host their website, then you also must know about it.  If you know about it you can setup your Apache sever to serve up a "Future home of " page for that domain.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mcrypt_create_iv() is deprecated 4 274
how to install java on RHEL image on EC2 4 38
centos commands 6 67
HOw To Install Docker on VMware Workstation 19 141
This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question