Subject: Re: telnetd core
To: Wolfgang S. Rupprecht <wolfgang+gnus20021230T142236@wsrcc.com>
From: Wojciech Puchar <firstname.lastname@example.org>
Date: 12/31/2002 08:40:23
> email@example.com (Wojciech Puchar) writes:
> > full tcpdump is started for this port.
> > all i need is to wait for attacker or (or RAM/CPU error).
> Make sure you run it with '-s 1500' to get the full packets, and it
> wouldn't hurt to run it with '-w /tmp/telnet.tcpdump' so you can play
> back the data if you snag something interesting.
i'm doing it just like that!
> I often run with full packet logging on the internet side, and it
> doesn't seem to slow the machine or network code down enough to matter
> (at least not on a consumer DSL line).
> while :
> roll-logs /v/pktlogs/tcpdump.raw
> tcpdump -s 1500 -c 5000 -w /v/pktlogs/tcpdump.raw
> ) &
> Roll-logs just does the obvious "file -> file.0.gz" rolling.
> Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
> spider food: http://www.wsrcc.com/baddream/usenet/
> (NOTE: The email address above is valid. Edit it at your own peril.)