Re: TCPDUMP Problem...
Odd stuff going on here. If you're sure that mysql is listening on the
network (I assume you can connect from a remote host with -h hostname)
and if tcpdump is not working correctly (I *seriously* doubt such a huge
bug in your version of tcpdump), then I think you may want to start
checking for r00tkits on your box...
Alexandru Stefan-Voicu said:
> On Mon, 31 Jan 2005 10:54:02 -0500, Phil Dyer <firstname.lastname@example.org> wrote:
>> Are you using the -p switch to tcpdump? That will take it out of
>> promiscuous mode, and you'll only see traffic destined for the box, not
>> forwarded traffic. Perhaps the nic doesn't support promisc mode? You
>> could try "ifconfig eth0 promisc" before running tcpdump.
> Tried it, didn't work. Tried tcpdump -p with eth0 in promisc and NO
> promisc mode, tried tcpdump also with eth0 in promisc and no promisc.
> Still nothing, all I get is lots of arp who-has requests and some things
> about DNS.
> Another silly thing is that I have mysql installed and listening on port
> 3306 (standard), but even if mysql is running (it's present in ps -ax and
> is used by snort and snortreport), it doesn't show up in "netstat -npta".
> And IT'S NOT BLOCKED ANYWHERE !! But that's off-topic anyway.
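
An added example, not part of the original thread: one way to run the rootkit check suggested above is to compare the kernel's socket table (`/proc/net/tcp`) with what the `netstat` binary prints, since a trojaned `netstat` can omit listeners that the kernel table still lists. The sample inputs and function names below are constructed for illustration, and only IPv4 TCP is covered.

```python
"""Cross-check TCP listeners: kernel table (/proc/net/tcp) vs. netstat output."""

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from the poster's host).
SAMPLE_PROC = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 1502
   2: 0500000A:0016 0900000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1733
"""

# Constructed sample of `netstat -npta` output in which port 3306 is missing.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address  State        PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN       812/sshd
tcp        0      0 10.0.0.5:22     10.0.0.9:50000   ESTABLISHED  2290/sshd
"""


def proc_listeners(text):
    """Return the set of ports in LISTEN state from /proc/net/tcp-format text."""
    ports = set()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == LISTEN:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports


def netstat_listeners(text):
    """Return the set of TCP ports that netstat output reports as LISTEN."""
    ports = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def hidden_from_netstat(proc_text, netstat_text):
    """Ports the kernel table lists as listening but netstat does not show."""
    return sorted(proc_listeners(proc_text) - netstat_listeners(netstat_text))


if __name__ == "__main__":
    print(hidden_from_netstat(SAMPLE_PROC, SAMPLE_NETSTAT))
```

A port missing from both views means the daemon is not listening on TCP at all (for example mysqld started with `skip-networking`, which leaves only the Unix socket). A kernel-level rootkit can filter `/proc` as well, so an empty result does not clear the host.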