[SATLUG] help with tcpdump (grab a beer its a long post)
bkfuth at gmail.com
Thu Feb 25 23:20:47 CST 2010
On Wed, Feb 24, 2010 at 10:18 PM, Tweeks <tweeksjunk2 at theweeks.org> wrote:
> On Monday 22 February 2010 09:39:22 am redpill wrote:
> > On Sun, 2010-02-21 at 08:31 -0600, Don Davis wrote:
> > > This is an interesting thread.
> > >
> > > What are you checking for? RST packets received right after syn
> > what I am looking for is half-open connections, which might indicate
> > that someone is doing a stealth syn scan
> Why not just use portsentry.. it detects stealth scans, such as
> FIN, NULL, XMAS, and out-of-band packets... and is very modular in nature.
> Unless you're doing this as a learning experience.. which I totally respect.
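An added example, not part of the original thread: one way to spot the half-open handshakes discussed above (SYN, SYN/ACK, then a client RST instead of the final ACK) in the text output of `tcpdump -nn -tt`. The line format, the `min_ports` threshold, the function names and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# IPv4 TCP lines as printed by `tcpdump -nn -tt` (text format assumed).
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Z.]+)\]")

def half_open(lines):
    """Map client IP -> {(server IP, port)} for SYN, SYN/ACK, then client RST."""
    state = {}                  # (client, cport, server, sport) -> "syn"|"synack"
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        src, sp, dst, dp, flags = m.groups()
        fwd, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        if flags == "S":                        # client sends SYN
            state[fwd] = "syn"
        elif flags == "S." and state.get(rev) == "syn":
            state[rev] = "synack"               # server answered: port is open
        elif state.get(fwd) == "synack":
            if "R" in flags:                    # RST instead of the final ACK
                hits[src].add((dst, int(dp)))
            del state[fwd]                      # ACK or RST: stop tracking
    return hits

def suspects(lines, min_ports=3):
    """Clients with half-open handshakes on at least min_ports distinct ports."""
    return {ip: p for ip, p in half_open(lines).items() if len(p) >= min_ports}

# Constructed sample capture (documentation addresses), not from the thread.
SAMPLE = """\
1.000001 IP 203.0.113.7.40001 > 192.0.2.10.22: Flags [S], seq 100, length 0
1.000002 IP 192.0.2.10.22 > 203.0.113.7.40001: Flags [S.], seq 900, ack 101, length 0
1.000003 IP 203.0.113.7.40001 > 192.0.2.10.22: Flags [R], seq 101, length 0
1.100001 IP 203.0.113.7.40002 > 192.0.2.10.80: Flags [S], seq 200, length 0
1.100002 IP 192.0.2.10.80 > 203.0.113.7.40002: Flags [S.], seq 910, ack 201, length 0
1.100003 IP 203.0.113.7.40002 > 192.0.2.10.80: Flags [R], seq 201, length 0
1.200001 IP 203.0.113.7.40003 > 192.0.2.10.25: Flags [S], seq 300, length 0
1.200002 IP 192.0.2.10.25 > 203.0.113.7.40003: Flags [R.], seq 0, ack 301, length 0
1.300001 IP 203.0.113.7.40004 > 192.0.2.10.443: Flags [S], seq 400, length 0
1.300002 IP 192.0.2.10.443 > 203.0.113.7.40004: Flags [S.], seq 920, ack 401, length 0
1.300003 IP 203.0.113.7.40004 > 192.0.2.10.443: Flags [R], seq 401, length 0
2.000001 IP 198.51.100.5.50000 > 192.0.2.10.80: Flags [S], seq 500, length 0
2.000002 IP 192.0.2.10.80 > 198.51.100.5.50000: Flags [S.], seq 930, ack 501, length 0
2.000003 IP 198.51.100.5.50000 > 192.0.2.10.80: Flags [.], ack 931, length 0
""".splitlines()
```

`suspects(SAMPLE)` reports only the source that reset three open ports; the probe to the closed port 25 and the completed handshake from the second client are not counted.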