Subject: Re: telnetd core
To: None <>
From: Wolfgang S. Rupprecht <>
List: netbsd-users
Date: 12/30/2002 14:30:11

(Wojciech Puchar) writes:
> full tcpdump is started for this port.
> all I need is to wait for an attacker (or a RAM/CPU error).

Make sure you run it with '-s 1500' to get the full packets, and it
wouldn't hurt to run it with '-w /tmp/telnet.tcpdump' so you can play
back the data if you snag something interesting.

I often run with full packet logging on the internet side, and it
doesn't seem to slow the machine or network code down enough to matter
(at least not on a consumer DSL line).


	# Capture forever in the background, rolling the file every 5000 packets.
	( while :
	  do
	    roll-logs /v/pktlogs/tcpdump.raw
	    tcpdump -s 1500 -c 5000 -w /v/pktlogs/tcpdump.raw
	  done
	) &

Roll-logs just does the obvious "file -> file.0.gz" rolling.

Wolfgang S. Rupprecht

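One way the roll-logs step could be written, as an added example that is not part of the original message and not Wolfgang's script. The function name roll_logs, the KEEP parameter and the shifting of older generations are assumptions; the message only states "file -> file.0.gz".

```shell
#!/bin/sh
# Added example: a hypothetical roll_logs, not the script from the message.
# Usage: roll_logs FILE [KEEP]   (KEEP = compressed generations kept, default 10)
roll_logs() {
    file=$1
    keep=${2:-10}

    # Nothing captured yet (first pass of the loop): nothing to roll.
    [ -s "$file" ] || return 0

    # Drop the oldest generation so disk use stays bounded.
    rm -f "$file.$((keep - 1)).gz"

    # Shift file.N.gz -> file.N+1.gz, oldest first so nothing is overwritten.
    i=$((keep - 2))
    while [ "$i" -ge 0 ]; do
        if [ -f "$file.$i.gz" ]; then
            mv "$file.$i.gz" "$file.$((i + 1)).gz"
        fi
        i=$((i - 1))
    done

    # Compress the current capture into generation 0. Full-packet captures
    # can hold cleartext telnet logins, so create the archive owner-only,
    # and delete the raw file only if compression succeeded.
    ( umask 077 && gzip -c "$file" > "$file.0.gz" ) && rm -f "$file"
}
```

Called as `roll_logs /v/pktlogs/tcpdump.raw` at the top of the capture loop, the newest finished capture is always `tcpdump.raw.0.gz` and can be replayed with `gzip -dc ... | tcpdump -r -`.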