Topic: List all incoming connection in Linux via "TCPDUMP"

hack3rcon
List all incoming connection in Linux via "TCPDUMP"
« on: October 03, 2015, 05:35:52 pm »
Hello.
How can I use "TCPDUMP" to monitor all incoming IP addresses and not all protocols?

I read the links below:

1- http://www.rationallyparanoid.com/articles/tcpdump.html
2- http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
3- http://edoceo.com/cli/tcpdump

But they just used "TCPDUMP" on specific ports or IP addresses. I want to use "TCPDUMP" on all ports and IPs to show me that "IP X.X.X.X on port X" wants to come in, and nothing else. Just show me the incoming IP and port.

Any idea?

proxx
Re: List all incoming connection in Linux via "TCPDUMP"
« Reply #1 on: October 03, 2015, 10:48:19 pm »
> Hello.
> How can I use "TCPDUMP" to monitor all incoming IP addresses and not all protocols?
>
> I read the links below:
>
> 1- http://www.rationallyparanoid.com/articles/tcpdump.html
> 2- http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
> 3- http://edoceo.com/cli/tcpdump
>
> But they just used "TCPDUMP" on specific ports or IP addresses. I want to use "TCPDUMP" on all ports and IPs to show me that "IP X.X.X.X on port X" wants to come in, and nothing else. Just show me the incoming IP and port.
>
> Any idea?

TCPDump is a packet dumper and is not really suitable for such things, although you could pipe it through unique and some cuts.
I would suggest you look into iftop, but there are many similar applications around.
IPTraf is also one of my favorites.
« Last Edit: October 03, 2015, 10:49:45 pm by proxx »
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

hack3rcon
Re: List all incoming connection in Linux via "TCPDUMP"
« Reply #2 on: October 04, 2015, 01:24:16 pm »
> TCPDump is a packet dumper and is not really suitable for such things, although you could pipe it through unique and some cuts.
> I would suggest you look into iftop, but there are many similar applications around.
> IPTraf is also one of my favorites.

Thank you, but I guess these tools show all IPs like "Tcpdump" and just show who wants to connect to my PC. Am I wrong?
Which ports are used more for attacks on a desktop Linux?

rogue.hackz
Re: List all incoming connection in Linux via "TCPDUMP"
« Reply #3 on: October 04, 2015, 11:03:45 pm »
> Thank you, but I guess these tools show all IPs like "Tcpdump" and just show who wants to connect to my PC. Am I wrong?
> Which ports are used more for attacks on a desktop Linux?

I really don't understand what you're talking about; tcpdump is a general-purpose network sniffer only meant for capturing traffic, not decoding protocols. If you're looking for a network protocol analyser, there's Wireshark.

Also, why would you care about who's connecting to your PC? If you have no services like ssh running, they simply can't connect. And you can have an iptables rule set up to drop all inbound packets.

Please don't spam this thread with stupid questions, try to do some research first before asking.
"The only true wisdom is in knowing that you know nothing" -Socrates

hack3rcon
Re: List all incoming connection in Linux via "TCPDUMP"
« Reply #4 on: October 05, 2015, 08:32:36 pm »
> I really don't understand what you're talking about; tcpdump is a general-purpose network sniffer only meant for capturing traffic, not decoding protocols. If you're looking for a network protocol analyser, there's Wireshark.
>
> Also, why would you care about who's connecting to your PC? If you have no services like ssh running, they simply can't connect. And you can have an iptables rule set up to drop all inbound packets.
>
> Please don't spam this thread with stupid questions, try to do some research first before asking.

I'm sure you are afraid of it like me.
Some people recommended "Snort" or "Suricata-IDS" for finding who connected to my PC, but I need the simplest and lightest tools. I know "tcpdump" is a knife and can tell what IP connected, but I must know the port number or IP of the hacker, but it is silly :(

novaccainne
Re: List all incoming connection in Linux via "TCPDUMP"
« Reply #5 on: October 06, 2015, 10:18:03 am »
You can sniff the network packets with tcpdump, but if you would only like to find out which port a program is running on, then I think it would be better (and easier for you) to use netstat.

For example :

$ netstat -vantupl | grep -i estab

Or you can track your connections with lsof:

$ lsof -i

Tcpdump is a sniffer application which is capable of analyzing the traffic on your 'network' interfaces. You can find more information about it with Google.
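
Added example, not part of any post in this thread: one way to get the "IP X.X.X.X on port X" list the original question asks for is to capture only inbound TCP connection attempts (SYN without ACK) and reduce tcpdump's text output to source IP and destination port, counted per pair. The function names, interface name and sample lines are assumptions made for illustration; it covers TCP only, since UDP has no handshake to filter on.

```shell
#!/bin/sh
# Live capture (needs root). -Q in keeps inbound packets only, -nn disables
# name/port resolution, -t drops timestamps, -l line-buffers for the pipe.
# The BPF expression matches IPv4 TCP segments with SYN set and ACK clear,
# i.e. the first packet of a connection attempt.
capture_inbound() {
    tcpdump -i "${1:-eth0}" -Q in -nn -t -l \
        'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
}

# Reduce "IP src.sport > dst.dport: ..." lines read from stdin to
# "<count> <source IP> <destination port>", most frequent first.
summarize_inbound() {
    awk '
        $1 == "IP" || $1 == "IP6" {
            src = $2; dst = $4
            sub(/:$/, "", dst)            # tcpdump ends the dst field with ":"
            sub(/\.[0-9]+$/, "", src)     # drop the ephemeral source port
            port = dst
            sub(/^.*\./, "", port)        # keep only the destination port
            count[src " " port]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample of tcpdump -nn -t output (documentation addresses),
# so the parser can be tried without capturing anything.
sample_capture() {
    cat <<'EOF'
IP 203.0.113.5.51234 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
IP 203.0.113.5.51236 > 192.0.2.10.22: Flags [S], seq 2, win 64240, length 0
IP 198.51.100.7.40000 > 192.0.2.10.80: Flags [S], seq 3, win 64240, length 0
IP6 2001:db8::1.40100 > 2001:db8::2.443: Flags [S], seq 4, win 64240, length 0
EOF
}

# Offline demo; for live use run: capture_inbound eth0 | summarize_inbound
sample_capture | summarize_inbound
```

Because the summary is printed only when the input ends, a live capture has to be stopped (for example with tcpdump's `-c` packet count) before the counts appear.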