
TCPDump

Posted by yah0m, 11-25-2008, 06:15 PM
Right now I'm on Google looking up some TCPDump articles, but I figured I would open up a topic here in case someone has done this before and might have some good tips and/or links. Anyway, what I plan to do is examine the packets of this DDoS and see if they have a common header and block it.

Posted by WebHostingNeeds, 11-25-2008, 09:11 PM
I don't think it is useful to block DDoS. When I got my first DDoS, the data center told me to look at tcpdump. But it didn't help me. You can find some info at http://www.webhostingneeds.com/Tcpdump
__________________
YouTube Clone Hosting

Posted by k3oni, 11-26-2008, 01:50 AM
Actually, tcpdump is helpful if you know where to look, but it may be hard to read if used without any filter strings. Many DDoS attacks are run using some common scripts which, for example, use an already set TTL value that many will not modify, so you can catch them by reading and matching the TTL values and so on; the TTL-value-based search is just an example. Of course you may end up blocking valid queries, but that happens when it comes to this type of attack.
__________________
http://www.creative.gd - Meet the Creative World - Start a design project with us
http://www.hostechs.com - A life to learn - Personal blog
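As an added example (not code from the thread), here is one way to do the header-matching k3oni describes: parse `tcpdump -n -v` output, count packets per TTL/length/flags signature, and print the tcpdump filter expression that would isolate the dominant one. The sample output below is constructed, not a real capture, and the two regexes assume the standard two-line `-v` format for IPv4/TCP.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -v` output: four SYNs sharing one
# TTL/length signature from a few sources, plus one ordinary SYN.
SAMPLE = """\
12:00:01.000001 IP (tos 0x0, ttl 55, id 1, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.7.1024 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000002 IP (tos 0x0, ttl 55, id 2, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.8.1025 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000003 IP (tos 0x0, ttl 55, id 3, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.9.1026 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000004 IP (tos 0x0, ttl 64, id 4, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.5.80: Flags [S], seq 7, win 65535, length 0
12:00:01.000005 IP (tos 0x0, ttl 55, id 5, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.7.1027 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
"""

HDR = re.compile(r"^\S+ IP \(.*?ttl (\d+), id \d+, .*?length (\d+)\)")
FLOW = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]")

def parse_tcpdump_v(text):
    """Pair each IP header line with the flow line that follows it; one dict per packet."""
    records, lines = [], text.splitlines()
    for i in range(len(lines) - 1):
        h, f = HDR.match(lines[i]), FLOW.match(lines[i + 1])
        if h and f:
            records.append({"ttl": int(h.group(1)), "length": int(h.group(2)),
                            "src": f.group(1), "dst": f.group(3),
                            "dport": int(f.group(4)), "flags": f.group(5)})
    return records

def signature_summary(records):
    """Find the most common (ttl, length, flags) header signature and describe it."""
    sigs = Counter((r["ttl"], r["length"], r["flags"]) for r in records)
    (ttl, length, flags), n = sigs.most_common(1)[0]
    matching = [r for r in records if (r["ttl"], r["length"], r["flags"]) == (ttl, length, flags)]
    return {
        "ttl": ttl, "length": length, "flags": flags, "count": n,
        "share": n / len(records),                      # fraction of all packets seen
        "matching_sources": len({r["src"] for r in matching}),
        # ip[8] is the IPv4 TTL byte, ip[2:2] the total-length field (BPF syntax)
        "filter": f"ip[8] = {ttl} and ip[2:2] = {length}",
    }

if __name__ == "__main__":
    print(signature_summary(parse_tcpdump_v(SAMPLE)))
```

A high share with few distinct sources points at a scripted flood; a high share with many sources is exactly the case where, as k3oni warns, a TTL-based block will also catch legitimate clients that happen to share that hop count.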

Posted by Aun Muhammad, 11-26-2008, 04:18 AM
tcpdump could help to identify the attack to some extent, but this could not be the full and final fix. Check the URL below for more details about tcpdump. Maybe this could be of some help to you. http://linux.byexamples.com/archives...ge-of-tcpdump/
__________________
Aun Muhammad Raza
www.aunraza.net

Posted by majoosh, 11-26-2008, 06:18 AM
Quote: Originally Posted by Aun Muhammad
    tcpdump could help to identify the attack to some extent, but this could not be the full and final fix. Check the URL below for more details about tcpdump. Maybe this could be of some help to you. http://linux.byexamples.com/archives...ge-of-tcpdump/

Yeah, that's right. tcpdump -n dst port will listen to/trace the connections to that specific port.

tcpdump -n -i eth0 -s 0 -w output.txt src or dst port 80

The above command traces the requests to port 80 from your PC where you run tcpdump... and more. You may need to man tcpdump.

Majoosh
