Subject: Re: telnetd core
To: None <email@example.com>
From: Wolfgang S. Rupprecht <wolfgang+gnus20021230T142236@wsrcc.com>
Date: 12/30/2002 14:30:11
firstname.lastname@example.org (Wojciech Puchar) writes:
> full tcpdump is started for this port.
> all i need is to wait for attacker or (or RAM/CPU error).
Make sure you run it with '-s 1500' to get the full packets, and it
wouldn't hurt to run it with '-w /tmp/telnet.tcpdump' so you can play
back the data if you snag something interesting.
I often run with full packet logging on the internet side, and it
doesn't seem to slow the machine or network code down enough to matter
(at least not on a consumer DSL line).
tcpdump -s 1500 -c 5000 -w /v/pktlogs/tcpdump.raw
Roll-logs just does the obvious "file -> file.0.gz" rolling.
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
spider food: http://www.wsrcc.com/baddream/usenet/
(NOTE: The email address above is valid. Edit it at your own peril.)