
Re: How can I get all IP transactions (in/out) logged?



> It seems to me that the log won't necessarily be very large. It really
> depends on how the connection is being used, doesn't it? An hour's
> worth of log from a dialup connection couldn't be very large, for
> example.
> 
> Of course, on a broadband connection with lots of websites being
> visited or files being downloaded, the log would become quite large
> fairly quickly.

It would depend on how much information is logged.  Logging the contents
of packets during a web surfing session would generate a large file.
But, all I'm interested in is a source and destination IP for what has
gone in and out of my system, along with possibly what port was used,
what process ID was using the port, a timestamp, and a packet count.

I found a reference on the linuxsecurity website to some sort of utility
that will troll the various logfiles in an attempt to reconstruct some
of this information, ostensibly in the aftermath of a successful
cracking attempt.  Another reference suggests running a packet sniffer
("snort"?) on your system.  It seems rather silly to have to resort to
that sort of thing, when enough system access is available to facilitate
tracking network activity proactively.

But what do I know...  even my experience at breaking and entering is
sadly outdated...


