Re: Security-related question

Author: Matt Graham
Date:  
To: Main PLUG discussion list
Subject: Re: Security-related question
From: Jim March <>
> According to ifconfig the interface I'm trying to monitor is:
> wlan0     Link encap:Ethernet  HWaddr 00:14:d1:c8:b4:bf
>           inet addr:10.0.1.4  Bcast:10.0.1.255  Mask:255.255.255.0


Are you sure? That looks like the IP of the Linux box. The Doze VM you're
trying to monitor will have a different IP, unless you're using bridging in
virtualbox. Are you using bridging/shared networking there? That may cause
things to be different. Can't tell for sure; my virtualbox setup's at home.

> jim@jim-lappy:~$ sudo tcpdump -s 0 -w file.pca 10.0.1.4
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: syntax error


Yeah, you didn't get the syntax right. Take a look at what you posted
previously:

>>> jim@jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1


..."host 127.0.0.1" means "capture all packets that have a source or
destination address of 127.0.0.1". Just putting in an IP without a
host/src/dst keyword won't get anything but an error. So, try again, make
sure you've got the correct IP in the host file, or if you're not sure where
the VM's IP is, then you can do something like 10.0.1.0/24 and retrieve
packets from the whole subnet. It's better to be as specific as possible when
doing the capture, so you have as few packets you're not interested in as you
can. That makes subsequent analysis easier.

--
Matt G / Dances With Crows
The Crow202 Blog: http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see
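The reply above makes two points worth seeing in code: a bare address such as `10.0.1.4` with no `host`/`src`/`dst`/`net` qualifier is a filter syntax error, and `host A` matches packets with A as either source or destination, while `net N/M` widens that to a whole subnet. (The `WARNING: eth0: no IPv4 address assigned` line in the quoted command also shows tcpdump picked eth0 by default; to watch the wireless interface the capture needs `-i wlan0`, so the working command is `sudo tcpdump -i wlan0 -s 0 -w file.pcap host 10.0.1.4`.) The following Python script is an added example, not code from the thread: it writes a small pcap of constructed Ethernet/IPv4 frames, reads it back, and applies a hand-written subset of tcpdump's filter language with the same semantics. Only 10.0.1.4 (the quoted wlan0 address) comes from the thread; the other hosts, the MAC addresses and the traffic are assumptions made up for the example.

```python
import ipaddress
import struct

# Minimal pcap writer/reader plus a small subset of tcpdump's filter language,
# enough to show what "host", "src host", "dst host" and "net" select.
# All traffic below is constructed for this example; none of it comes from
# the thread above.

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"


def build_frame(src_ip, dst_ip, payload=b"hi"):
    """Ethernet II + IPv4 header (UDP proto byte, no transport header). Assumed MACs."""
    eth = bytes.fromhex("02000000aaaa") + bytes.fromhex("02000000bbbb") + ETHERTYPE_IPV4
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,   # checksum left 0; not verified here
        ipaddress.IPv4Address(src_ip).packed,
        ipaddress.IPv4Address(dst_ip).packed,
    )
    return eth + ip_hdr + payload


def build_pcap(frames):
    """Serialise frames as a classic pcap file (the format tcpdump -w writes)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield the captured frames from pcap bytes."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + caplen]
        off += caplen


def ipv4_addresses(frame):
    """Return (src, dst) for an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    return ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34])


def compile_filter(expr):
    """Compile 'host A', 'src host A', 'dst host A' or 'net N/M' into a predicate.

    A bare address with no qualifier is rejected, mirroring the 'syntax error'
    tcpdump prints for a filter such as plain '10.0.1.4'.
    """
    tokens = expr.split()
    direction = "either"
    if tokens and tokens[0] in ("src", "dst"):
        direction = tokens.pop(0)
    if len(tokens) != 2 or tokens[0] not in ("host", "net"):
        raise ValueError("syntax error")
    kind, value = tokens
    if kind == "host":
        target = ipaddress.IPv4Address(value)
    else:
        target = ipaddress.IPv4Network(value, strict=False)

    def matches(addr):
        return addr == target if kind == "host" else addr in target

    def predicate(frame):
        addrs = ipv4_addresses(frame)
        if addrs is None:
            return False
        src, dst = addrs
        if direction == "src":
            return matches(src)
        if direction == "dst":
            return matches(dst)
        return matches(src) or matches(dst)   # plain 'host': either end

    return predicate


def capture(pcap_bytes, expr):
    """Apply a filter expression to a pcap; returns the matching (src, dst) pairs."""
    keep = compile_filter(expr)
    return [tuple(map(str, ipv4_addresses(f))) for f in read_pcap(pcap_bytes) if keep(f)]


# Constructed traffic on a 10.0.1.0/24 LAN. 10.0.1.4 stands in for the laptop's
# wlan0 address quoted above; 10.0.1.20 is an assumed second host (e.g. a bridged VM).
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.1.4", "10.0.1.1"),
    build_frame("10.0.1.20", "10.0.1.4"),
    build_frame("10.0.1.20", "10.0.1.1"),
    build_frame("10.0.1.20", "198.51.100.7"),
    build_frame("192.0.2.9", "198.51.100.7"),
])

if __name__ == "__main__":
    for expr in ("host 10.0.1.4", "src host 10.0.1.4", "net 10.0.1.0/24", "host 127.0.0.1"):
        print(f"{expr!r}: {len(capture(SAMPLE_PCAP, expr))} packet(s)")
```

Running it shows `host 10.0.1.4` keeping both directions, `src host` keeping only the laptop's outbound frame, `net 10.0.1.0/24` keeping everything with at least one end on the subnet, and `host 127.0.0.1` keeping nothing at all, which is the same empty result the original `host 127.0.0.1` capture on wlan0 would give, since loopback traffic never crosses that interface.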

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss