On Mon, Jun 17, 2013 at 11:43 AM, dan (ddp) <[email protected]> wrote: > On Mon, Jun 17, 2013 at 11:41 AM, David Blanton > <[email protected]> wrote: >> Sorry - I am relatively new to Linux/RHLE5. >> >> I read the page on tcpdump command and cannot figure out what they mean by >> interface. What would I specifically be addressing as the interface here? >> > > `ifconfig -a` will give you a list of interfaces. The one with the IP > address is the one you want to start with. >
And that would be non-localhost addresses, probably starting with eth. And since this is looking at network traffic, an email will have to be attempted before you will see the traffic. >> On Monday, June 17, 2013 11:32:04 AM UTC-4, dan (ddpbsd) wrote: >>> >>> On Mon, Jun 17, 2013 at 11:22 AM, David Blanton >>> <[email protected]> wrote: >>> > >>> > Here is what happened when I did your command: >>> > >>> > # tcpdump port 25 >>> > >>> > tcpdump: verbose output suppressed, use -v or -vv for full protocl >>> > decode >>> > listening on eth0, link-type EN10MB (Etherned), capture size 96 bytes >>> > (ctrl + c) >>> > 0 packets captured >>> > 0 packets received by filter >>> > 0 packets dropped by kernel >>> > >>> >>> Are you sure this is the correct interface? Are you sure an alert >>> fired that should trigger an email to the att address? >>> >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> > Groups >>> > "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> > an >>> > email to [email protected]. >>> > For more options, visit https://groups.google.com/groups/opt_out. >>> > >>> > >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
