After tcpdump -i ens3 -nn host 192.168.8.69 and port 1514

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

And output for port number 22.

tcpdump -i ens3 -nn host 192.168.8.69 and port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
11:01:07.432964 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq 2452502731:2452502859, ack 1239911147, win 933, length 128
11:01:07.433030 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq 128:192, ack 1, win 933, length 64
11:01:07.433088 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq 192:320, ack 1, win 933, length 128
11:01:07.433139 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq 320:384, ack 1, win 933, length 64

So my ossec is running on port 22. I suspect that this causes the lack of connection. However when I type

lsof -i :1514
COMMAND    PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ossec-rem 6374 ossecr    4u  IPv6 1075394      0t0  UDP *:1514

How can I change the used port for port number 22?

On Wed, 24 Apr 2019 at 17:48, dan (ddp) <[email protected]> wrote:

> On Wed, Apr 24, 2019 at 10:25 AM toko123 <[email protected]> wrote:
> >
> > I am connected to VM via SSH on port 22.
> > I believe that my OSSEC Server is running on default port. However I don't know how to check it.
> >
>
> `tcpdump -i ens3 -nn host 192.168.8.69 and port 1514`
>
> should give you the traffic going to and from ossec.
>
> >
> > On Wednesday, 24 April 2019 at 16:13:24 UTC+2, dan (ddpbsd) wrote:
> >>
> >> On Wed, Apr 24, 2019 at 9:52 AM toko123 <[email protected]> wrote:
> >> >
> >> > I am getting started with OSSEC and I want to configure windows agent. I have followed the documentation and this. My server is a VM ubuntu and I want to have a Windows Agent.
> >> >
> >> > This is the output of active agents.
> >> >
> >> > /var/ossec/bin/agent_control -i 001
> >> >
> >> > OSSEC HIDS agent_control. Agent information:
> >> >
> >> > Agent ID: 001
> >> > Agent Name: WindowsAgent
> >> > IP address: 192.168.8.69/32
> >> > Status: Never connected
> >> >
> >> > Operating system: Unknown
> >> > Client version: Unknown
> >> > Last keep alive: Unknown
> >> >
> >> > Syscheck last started at: Unknown
> >> > Rootcheck last started at: Unknown
> >> >
> >> > This is the list of already added agents.
> >> >
> >> > Available agents: ID: 001Name: WindowsAgent, IP: 192.168.8.69
> >> >
> >> > I thought that it may be the firewall problem but on the server side I have dropped the firewall.
> >> > The IPs are taken from ifconfig command.
> >> >
> >> > vm:~/ossec-hids-3.2.0# tcpdump -i ens3 src 192.168.8.69
> >> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> > listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
> >> > 13:44:30.979244 IP 192.168.8.69.55341 > 10.0.0.4.ssh: Flags [.], ack 1445060350, win 16319, length 0
> >> >
> >> > The connection seems to be working.
> >> >
> >>
> >> Is your ossec server running on port 22?
> >>
> >> > Any ideas?
> >> >
> >> > --
> >> > ---
> >> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
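
Added example, not part of the original thread or of OSSEC itself: a small shell script that reads the two observations posted above (the `lsof -i :1514` listing and the tcpdump capture summary) and reports whether ossec-remoted holds the expected socket and whether any agent packets reached the interface. The function names and verdict strings are made up for this illustration; the sample text is copied from the outputs in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): combine the lsof and tcpdump
# observations into one verdict. Sample text is copied from the posts above.

LSOF_SAMPLE='COMMAND    PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ossec-rem 6374 ossecr    4u  IPv6 1075394      0t0  UDP *:1514'

TCPDUMP_SAMPLE='listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel'

# Print "PROTO PORT" for each socket owned by ossec-remoted.
# lsof truncates COMMAND to 9 characters, hence the ossec-rem prefix match.
remoted_sockets() {
  awk '$1 ~ /^ossec-rem/ { n = split($9, a, ":"); print $8, a[n] }'
}

# Print the packet count from tcpdump's exit summary.
captured_packets() {
  awk '/packets captured/ { print $1 }'
}

# diagnose LSOF_TEXT TCPDUMP_TEXT "PROTO PORT"
diagnose() {
  local socks count
  socks=$(printf '%s\n' "$1" | remoted_sockets)
  count=$(printf '%s\n' "$2" | captured_packets)
  if ! printf '%s\n' "$socks" | grep -qx -- "$3"; then
    echo "no-listener"             # remoted is not bound where expected
  elif [ "${count:-0}" -eq 0 ]; then
    echo "listener-up-no-traffic"  # nothing from the agent reached the NIC
  else
    echo "traffic-seen"            # packets from the agent are arriving
  fi
}

diagnose "$LSOF_SAMPLE" "$TCPDUMP_SAMPLE" "UDP 1514"
```

On a live server the first argument would be the output of `lsof -i :1514`; tcpdump writes its packet summary to stderr, so capture it with `2>&1`.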
