Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Capture all traffic hitting a linux server?

Posted on 2006-11-25
Medium Priority
Last Modified: 2013-12-16
I have a Linux Redhat Enterprise 4 i686 server; I would like to be able to capture all traffic coming into my server.  For example if someone registered a domain name and then used our dns it would automatically display a default page if someone were to visit the domain.  This is that there is no domain account on the server and the only thing they have doe is used our name servers when they registered the domain!
Question by:GodadoLLC
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 14

Expert Comment

ID: 18018158
tried ethereal or tethereal which does the same. capture all traffic from various ip addresses???  if it is only http traffic that needs capturing, the same is already available in



Author Comment

ID: 18020957
I don not think you understand the question, either that or I just don't understand your answer. :)

If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server.  The domain would come up as an error.  However, I want it to go to a default page.
LVL 14

Expert Comment

ID: 18021072
ok. sorry my mistake.  i read "capture all traffic" and took off on a tangent thinking that you want the ip addresses for the domains so registered to track them down.

here goes my second attempt...

why not configure the error page on your server itself as a different page or point it to the default page???  am i making sense here.  look at the /var/www/error (my default location for error pages)
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.


Expert Comment

ID: 18060345
 Iptraf is a great little program that can capture everything, from everyone including NON-IP traffic if you want to get mid-evil.  Or you can set it up with filters to capture on the traffic that you want.  I was a little confused by your question, but I hope that helps.


  Joshua McDowell

Author Comment

ID: 18062741
I guess, I have not explained my question very well, so I will provide an example:

When you go to a domain registrar, we will use enom.com and you purchase a domain.  The domain automatically comes up with a default page that says "Future home of yourdomain.com"  

However, the registrar has not created a hosting account or prked this domain on their server.  The domain is simply automatically set to use their dns.  However, the new owner of the domain then changes the dns and it goes to the new website.  If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.

I want to be able to do this too, when someone registers a domain and they set the dns for the domain to


I want them to be sent to my default page on my server.

Expert Comment

ID: 18062771
 That shouldn't be a problem, as one has to setup a virtual for each client before they will actually work right?  On the same note, you don't want to eliminate the error 404 for people that have legitimate sites.  So what I would do..
  The first question is, how does your current setup work?  Do you have a bunch of virtual servers?  If you have virtual servers are they setup on cloaked ports?  Or do you have a server for each host, that all use the same dns?  It's been a long time since I have not done any sort of web hosting related things in some time.  I think there was a way to strip what domain the the is being sought out.  I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of >  If you post more information about your setup I can taylor my answer to better fit what you are doing.

LVL 57

Accepted Solution

giltjr earned 2000 total points
ID: 18064282
I think you are getting things confused.  What DNS sever is used as the authoritive sever for the domain has nothing to do with what server will be used for their web sever.

If you are running a DNS sever, in order for somebody to use it as the authoritive for their domain, you must know about it before hand.

If you are also going to host their website, then you also must know about it.  If you know about it you can setup your Apache sever to serve up a "Future home of " page for that domain.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question