[lug] outgoing port 220 exploit?
stimits at comcast.net
Sun Jan 18 17:34:01 MST 2004
Frank Rehberger wrote:
> >> Well, netstat seems to work only for existing tcp connects, or if it
> >> is run right at the instant of a connect attempt. What I have here is
> >> a period failed connect to outside port 220, it is blocked both on the
> >> local machine and on the bridge firewall, so it never gets beyond a
> >> SYN packet. I'm thinking what I need is a tcpdump. Only I'm having a
> >> problem with the tcpdump syntax. Can anyone tell me the syntax to use
> >> tcpdump to continuously dump info of any port 220 destination packets?
> >> And is there a way to give source application info the way netstat
> >> does with the -lenp argument?
> my first contribution to [lug] :)
> tcpdump -e -a -i eth0 port 220
> Hope this helps,
> Regards, Frank
This looks good, I'm going to run this 24/7 logging with tee, but for
both 220 and 6129.
More information about the LUG