Capture all traffic hitting a linux server?

Posted on 2006-11-25
Medium Priority
Last Modified: 2013-12-16
I have a Linux Redhat Enterprise 4 i686 server; I would like to be able to capture all traffic coming into my server.  For example if someone registered a domain name and then used our dns it would automatically display a default page if someone were to visit the domain.  This is that there is no domain account on the server and the only thing they have doe is used our name servers when they registered the domain!
Question by:GodadoLLC
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 14

Expert Comment

ID: 18018158
tried ethereal or tethereal which does the same. capture all traffic from various ip addresses???  if it is only http traffic that needs capturing, the same is already available in



Author Comment

ID: 18020957
I don not think you understand the question, either that or I just don't understand your answer. :)

If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server.  The domain would come up as an error.  However, I want it to go to a default page.
LVL 14

Expert Comment

ID: 18021072
ok. sorry my mistake.  i read "capture all traffic" and took off on a tangent thinking that you want the ip addresses for the domains so registered to track them down.

here goes my second attempt...

why not configure the error page on your server itself as a different page or point it to the default page???  am i making sense here.  look at the /var/www/error (my default location for error pages)
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.


Expert Comment

ID: 18060345
 Iptraf is a great little program that can capture everything, from everyone including NON-IP traffic if you want to get mid-evil.  Or you can set it up with filters to capture on the traffic that you want.  I was a little confused by your question, but I hope that helps.


  Joshua McDowell

Author Comment

ID: 18062741
I guess, I have not explained my question very well, so I will provide an example:

When you go to a domain registrar, we will use enom.com and you purchase a domain.  The domain automatically comes up with a default page that says "Future home of yourdomain.com"  

However, the registrar has not created a hosting account or prked this domain on their server.  The domain is simply automatically set to use their dns.  However, the new owner of the domain then changes the dns and it goes to the new website.  If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.

I want to be able to do this too, when someone registers a domain and they set the dns for the domain to


I want them to be sent to my default page on my server.

Expert Comment

ID: 18062771
 That shouldn't be a problem, as one has to setup a virtual for each client before they will actually work right?  On the same note, you don't want to eliminate the error 404 for people that have legitimate sites.  So what I would do..
  The first question is, how does your current setup work?  Do you have a bunch of virtual servers?  If you have virtual servers are they setup on cloaked ports?  Or do you have a server for each host, that all use the same dns?  It's been a long time since I have not done any sort of web hosting related things in some time.  I think there was a way to strip what domain the the is being sought out.  I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of >  If you post more information about your setup I can taylor my answer to better fit what you are doing.

LVL 57

Accepted Solution

giltjr earned 2000 total points
ID: 18064282
I think you are getting things confused.  What DNS sever is used as the authoritive sever for the domain has nothing to do with what server will be used for their web sever.

If you are running a DNS sever, in order for somebody to use it as the authoritive for their domain, you must know about it before hand.

If you are also going to host their website, then you also must know about it.  If you know about it you can setup your Apache sever to serve up a "Future home of " page for that domain.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month12 days, 4 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question