Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 12 days ago.
Improve this question
How to configure Suricate to capture packets on the entire network? I have already configured the Suricate but it's only capturing packets that send to Suricata installed host. I want the whole network packets to be captured by Suricata.
I have two different networks such as Data and Internal where Suricata is placed in Internal Network. I have already configured my switch to monitor few ports and destine to second port of Suricata Server but still I didn't see any changes.
Can some help on this matter?
the interface should be in promiscuous mode - to see all traffic.
(HOWTO depends on your os)
ifconfig eth1 up
ifconfig eth1 promisc
and check what is defined in suricata yaml who's under $HOME_NET , and what rules files are set, I recommend to take a glance there to better understand why certain rule is fired.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 days ago.
Improve this question
I've recently implemented stricter firewall rules, and I keep seeing the Apple devices on my local network attempt to reach out to 192.168.1.156 or 192.168.1.152. In an attempt to understand what it's doing, I ran tcpdump and received this output:
19:36:05.273166 IP 192.168.22.8.53058 > 192.168.1.156.bbs: Flags [S], seq 2685942121, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2363049810 ecr 0,sackOK,eol], length 0
19:36:14.889388 IP 192.168.22.8.53064 > 192.168.1.152.bbs: Flags [S], seq 3567670609, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2054024907 ecr 0,sackOK,eol], length 0
Can anyone help explain what the bbs port/protocol is, and/or why Apple devices keep trying to talk to these seemingly random IPs outside of their subnet? To be more specific, it's both iPhones and the Apple TV doing it, but not the homepods on the same network.
Possibly you have another router broadcasting on your network hosting dhcp and trying to handle address spaces at the same time. Sometimes if you have a secondary router and it's not acting as an access point it will do that. Don't know if this helps I don't know alot and am not that experienced. Also BBS is bulletin bus service.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I’m changing a server with a bare metal installation with one ip to a new cisco sever with esxi with 3 vm’s, one of them is going to be a nat router to nat the traffic to the other 2 vm’s, is there a way to keep using one just ip ?
I don’t think so, you will need at least 2 one for esxi virtual network to communicate with your network and one for your nat router vm to distribute the traffic via NAT
In fact if your server has CIMC you will need another one to have a remote access to CIMC if you need to recover the server, but it’s not mandatory because you can always connect to CIMC through the console.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
So after googeling there seem to be a lot of people saying that you cannot capture packets from a simulation in Packet Tracer with Wireshark. However, my prof has given me this as an assignment.
I cannot seem to figure it out.
The Scenario:
2 computers (192.168.1.1 and 192.168.1.2) are linked. I ping from PC 1 ( 192.168.1.1) to PC 2. I want to capture these packets.
How would I go about his?
As far as I know, In Packet Tracer you cannot use Wireshark. You can use Packet Tracer's built in simulation and packet filters to track packets.
Other than Packet Tracer,
There are two solutions to your problem:
Physically connect two PCs and just run Wireshark on one PC's network adapter. You can see everything there is between the two of them.
Emulators like gns3 provide facility to attach wireshark to Switch/Router interfaces (Network cards), So you can create a scenario in Gns3 with 2 PCs connected by a switch and activate wireshark on one of the switch port.
Please note that in GNS3 wireshark cannot be attached to the host PC port itself. So that's why we are using an intermediate switch to host wireshark capture.
*Just an advice: Don't use packet tracer, its unreliable and incomplete and sometimes displays or operates wrongly, use emulators like GNS3 which can emulate 99% functionality of routers and connecting network.
You can not use Packet Tracer with Wireshark because Packet Tracer is just an simulator that you can not connect to other programs, you can use GNS3 because it supports real operating Router systems and Switch Layer 3 and you can connect it to programs such as Wireshark, Nmap and others and you can connect it with local server and virtual devices Such as vmware or VB
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I want to use the port 12345 for hosting a server for an application I have, however the port is already in use by another program.
I have already tried:
netstat -anb
However, none of the programs listed use this port. Doing some research online I found out that Trend Micro Security uses this port. though I used to have this Anti-Virus software installed on my computer, I have long ago switched to Norton, and am still not able to use this port.
I use netgear, and have no problems using other ports.
Any help will be appreciated.
Mona.
NetGear has been known to have problems with port 12345. Try calling their support.
Belkin and Dlink work fine. So if possible, try changing your router to see if the problem goes away. If yes, then it is a router issue. If not, then contact your ISP since they block 12345 as well.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 12 days ago.
Improve this question
Whenever I try to listen to a specific wifi channel using airodump I got : fixed channel wlan0: -1
I try to change the channel but it's always -1!
I use Ubuntu 12.04.
What you have to do is execute ifconfig wlan0 down
make sure you are not connected to any wireless network, try:
airodump-ng -<the channel you want> --bssid<the wireless network you want> mon0
If it doesn't work, try:
ifconfig wlan0 down then
ifconfig mon0 down then
iwconfig mon0 mode monitor then
ifconfig wlan0 up then
ifconfig mon0 up and try to sniff now.