GodadoLLC
asked on
Capture all traffic hitting a linux server?
I have a Linux Redhat Enterprise 4 i686 server; I would like to be able to capture all traffic coming into my server. For example if someone registered a domain name and then used our dns it would automatically display a default page if someone were to visit the domain. This is that there is no domain account on the server and the only thing they have doe is used our name servers when they registered the domain!
ASKER
I don not think you understand the question, either that or I just don't understand your answer. :)
If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server. The domain would come up as an error. However, I want it to go to a default page.
If I set a domains dns to my dns, but I do not add a dns zone for this domain on my server. The domain would come up as an error. However, I want it to go to a default page.
ok. sorry my mistake. i read "capture all traffic" and took off on a tangent thinking that you want the ip addresses for the domains so registered to track them down.
here goes my second attempt...
why not configure the error page on your server itself as a different page or point it to the default page??? am i making sense here. look at the /var/www/error (my default location for error pages)
here goes my second attempt...
why not configure the error page on your server itself as a different page or point it to the default page??? am i making sense here. look at the /var/www/error (my default location for error pages)
Iptraf is a great little program that can capture everything, from everyone including NON-IP traffic if you want to get mid-evil. Or you can set it up with filters to capture on the traffic that you want. I was a little confused by your question, but I hope that helps.
http://cebu.mozcom.com/riker/iptraf/
Joshua McDowell
http://cebu.mozcom.com/riker/iptraf/
Joshua McDowell
ASKER
I guess, I have not explained my question very well, so I will provide an example:
When you go to a domain registrar, we will use enom.com and you purchase a domain. The domain automatically comes up with a default page that says "Future home of yourdomain.com"
However, the registrar has not created a hosting account or prked this domain on their server. The domain is simply automatically set to use their dns. However, the new owner of the domain then changes the dns and it goes to the new website. If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.
I want to be able to do this too, when someone registers a domain and they set the dns for the domain to
ns1.myserversdns.com
ns2.myserversdns.com
I want them to be sent to my default page on my server.
When you go to a domain registrar, we will use enom.com and you purchase a domain. The domain automatically comes up with a default page that says "Future home of yourdomain.com"
However, the registrar has not created a hosting account or prked this domain on their server. The domain is simply automatically set to use their dns. However, the new owner of the domain then changes the dns and it goes to the new website. If the owner of this domain changes the dns back to the registrars dns at anytime, he will then see the default page again.
I want to be able to do this too, when someone registers a domain and they set the dns for the domain to
ns1.myserversdns.com
ns2.myserversdns.com
I want them to be sent to my default page on my server.
That shouldn't be a problem, as one has to setup a virtual for each client before they will actually work right? On the same note, you don't want to eliminate the error 404 for people that have legitimate sites. So what I would do..
The first question is, how does your current setup work? Do you have a bunch of virtual servers? If you have virtual servers are they setup on cloaked ports? Or do you have a server for each host, that all use the same dns? It's been a long time since I have not done any sort of web hosting related things in some time. I think there was a way to strip what domain the the is being sought out. I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of > If you post more information about your setup I can taylor my answer to better fit what you are doing.
Joshua
The first question is, how does your current setup work? Do you have a bunch of virtual servers? If you have virtual servers are they setup on cloaked ports? Or do you have a server for each host, that all use the same dns? It's been a long time since I have not done any sort of web hosting related things in some time. I think there was a way to strip what domain the the is being sought out. I am pretty sure there is a way to to tell apache that if no matching domain are found them go here. < Your page you speak of > If you post more information about your setup I can taylor my answer to better fit what you are doing.
Joshua
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
/var/log/httpd/httpd.log
/var/log/httpd/error.log