Linux Today: Linux News On Internet Time.

O'Reilly Network: Tools of the Trade (tcpdump, tripwire)

Jul 14, 2001, 21:00
(Other stories by Carl Constantine)
"This article is the second of a three-part series that takes a look at some of the common tools you can use on your own systems to spot holes, look for potential problems, and then take steps to tighten your grip on the system.

Last time, I took you through a brief introduction to "honey pots," Ethereal, and the venerable nmap. This time, we'll take a look at a few more common tools, namely tcpdump and Tripwire.

Tcpdump is a network traffic analysis tool originally created by the Network Research Group at Lawrence Berkeley National Lab. As the name implies, tcpdump allows you to "dump" TCP traffic to screen or file for later analysis. Actually, tcpdump also serves as a back-end program to many other network analysis tools such as snort and shadow. The underlying traffic capture library, libpcap, is also used in other tools such as Ethereal (which we discussed last time), tcptrace, and many others. You can find out more details on these tools from the tcpdump web site. Tcpdump comes with most Linux distributions by default so you don't have to grab it yourself."
