On Tue, 12 Aug 2003, Jason Dale wrote:

> Hi all,
>
> I am looking for a standard run-of-the-mill Linux command
> that functions similarly to '/usr/sbin/mtr' (a network diagnostic
> tool) except can monitor how many network packets get sent
> to or from a specific port. For example, I would want to know
> how much traffic gets sent to and from port 25 on eth0, and how
> many bytes get transferred with each packet. (A nifty way of finding
> out who is sending chompy emails).
>
> The command can display a screen, much like mtc, which gets
> updated realtime and/or at set intervals, showing interface/port
> activity levels.
>
> I don't know if any of you guys have been hit by the
> W32.Blaster.Worm yet, but the kind of tool I am talking about will
> be very useful in finding out what ports have 'unusual' amounts
> of activity.

You might want to look at snort. It is real good at looking for "bad traffic". It can be a pita to set up but.....

--
......Tom
Registered Linux User #14522 http://counter.li.org
[EMAIL PROTECTED]
My current SpamTrap -------> [EMAIL PROTECTED]

--
Psyche-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/psyche-list