JoeAley2003 wrote:
> Hi all...
>
>
> I need to have a report of all connections that have been made from
> my internet forwarded host 192.168.0.10.
>
> Basically, I need...
>
> -Host Name
> -Host IP
> -Port Number
>
> of the machine my local (192.168.0.10) is accessing, and if we can go
> to the state of the art, I need to store the response of each connection.
> I mean, if my local net requests www.google.com, my server will save
> the html response into a file too.
>
>
> Thank you all!!!
Hi.
I use iptables to log well-known "attacks".
For example, to log every ping-of-death attack I've got these lines in my
iptables configuration script:
# Port-Scanner Attack
iptables -N Port_Scann
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j Port_Scann
iptables -A Port_Scann -m limit --limit 10/s -j LOG --log-level info --log-prefix "Port-Scann: "
iptables -A Port_Scann -j DROP
I create a new chain because I don't just want to log, I also want to drop
those packets.
If you just want to log traffic coming from 192.168.0.10 you just need these
lines:
iptables -A FORWARD -s 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
iptables -A FORWARD -d 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
With these lines you log all traffic that is forwarded from/to your target
host.
These logs don't tell you much; you can just see when your user
sends/receives packets.
If you want to analyse the traffic better, as you described before (see
what sites your user is visiting), you should use a sniffer like Ethereal
to filter all the traffic coming to/from the host you want.
I hope this can help you.
Regards,
Nuno Paquete
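
Added example, not part of the original thread: one way to turn the syslog lines written by the two FORWARD rules above into the host name / IP / port report asked for. The sample log lines are constructed, and `parse_line`, `outbound_report` and the `resolve` hook (for instance a wrapper around `socket.gethostbyaddr`) are names chosen for this example.

```python
from collections import Counter

PREFIX = "Anything you want: "   # the --log-prefix used in the FORWARD rules
HOST = "192.168.0.10"
# Constructed sample syslog lines in the kernel LOG target's format.
SAMPLE_LOG = """\
Jan 12 10:15:01 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4211 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:15:01 gw kernel: Anything you want: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=40112 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jan 12 10:15:02 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4212 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=92 RES=0x00 ACK URGP=0
Jan 12 10:15:09 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=9001 PROTO=UDP SPT=33001 DPT=53 LEN=51
Jan 12 10:15:10 gw kernel: Port-Scann: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=77 PROTO=TCP SPT=4444 DPT=22 WINDOW=0 RES=0x00 RST URGP=0
Jan 12 10:15:30 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4300 DF PROTO=TCP SPT=40113 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def parse_line(line, prefix=PREFIX):
    """Split one LOG line into KEY=VALUE fields and bare flags (SYN, ACK, DF)."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None          # line was written by another rule or program
    fields, flags = {}, set()
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val
        else:
            flags.add(tok)
    return fields, flags

def outbound_report(log_text, host=HOST, resolve=None):
    """Return sorted (name, ip, proto, port, count) rows for traffic sent by host."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[0].get("SRC") != host or "DST" not in parsed[0]:
            continue
        fields, flags = parsed
        proto = fields.get("PROTO", "?")
        # TCP: count only the initial SYN so each connection is counted once.
        # Other protocols have no handshake, so every logged packet is counted.
        if proto == "TCP" and ("SYN" not in flags or "ACK" in flags):
            continue
        port = int(fields["DPT"]) if "DPT" in fields else 0   # 0 = no port (ICMP)
        counts[(fields["DST"], proto, port)] += 1
    return [((resolve(ip) if resolve else ip), ip, proto, port, n)
            for (ip, proto, port), n in sorted(counts.items())]

if __name__ == "__main__":
    for row in outbound_report(SAMPLE_LOG):   # pass resolve=... to fill in names
        print("%-30s %-15s %-4s %5d  x%d" % row)
```

The LOG target records packet headers only, so the HTML responses asked about in the question cannot be recovered from these lines.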