Hi, I have a Fedora 15 box with two interfaces and shorewall-v4.4.23.3 connected to a cable modem and a few internal hosts, primarily doing web and email traffic, and a little BitTorrent. I have a consistent amount of rejected packets that I think originate from BitTorrent traffic, although I can't be sure.

How can I easily identify this traffic to determine whether it's being masqueraded or forwarded for BitTorrent, or it's just some random rogue attack? Here's an example from the logs:

[ 6833.967833] Shorewall:ext2fw:REJECT:IN=br0 OUT= MAC=40:61:86:4e:84:09:00:21:a0:75:e3:12:08:00 SRC=58.166.65.50 DST=68.XXX.YYY.42 LEN=105 TOS=0x00 PREC=0x00 TTL=41 ID=27915 PROTO=UDP SPT=31469 DPT=31469 LEN=85

I understand I can use tcpdump or Wireshark, but do you have any recommendations on parameters for these applications to most easily identify this traffic? Is there an easier way to identify NAT traffic in real time, as it would pertain to BitTorrent?

Thanks,
Alex

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
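The question above is really "is this one noisy peer population or a scan?", and the REJECT log lines already carry enough to tell the two apart before reaching for tcpdump. The following script is an added example, not code from the post or from the Shorewall project: it parses netfilter/Shorewall log lines, groups the rejects by destination port, and applies two heuristics that are my own assumptions rather than Shorewall features. Many distinct remote sources hitting one high-numbered local UDP port, often with SPT equal to DPT (as in the quoted line), is the shape of BitTorrent/DHT peers still contacting a port a local client recently used through the NAT; one remote source touching many different local ports is the shape of a scan. The thresholds (`min_sources`, `min_ports`) and the sample lines beyond the first one (which use RFC 5737 documentation addresses) are constructed for the example.

```python
import re
from collections import defaultdict


def _reject(ts, src, proto, spt, dpt, tail):
    """Build a constructed Shorewall REJECT line in the same layout as the post's entry."""
    return (f"[{ts}] Shorewall:ext2fw:REJECT:IN=br0 OUT= "
            f"MAC=40:61:86:4e:84:09:00:21:a0:75:e3:12:08:00 SRC={src} DST=68.XXX.YYY.42 "
            f"LEN=105 TOS=0x00 PREC=0x00 TTL=41 ID=1 PROTO={proto} SPT={spt} DPT={dpt} {tail}")


# Constructed sample input: the first entry is the line quoted in the post, the
# rest are made up (documentation addresses) to show both traffic shapes.
SAMPLE_LOG = "\n".join([
    "[ 6833.967833] Shorewall:ext2fw:REJECT:IN=br0 OUT= MAC=40:61:86:4e:84:09:00:21:a0:75:e3:12:08:00 "
    "SRC=58.166.65.50 DST=68.XXX.YYY.42 LEN=105 TOS=0x00 PREC=0x00 TTL=41 ID=27915 "
    "PROTO=UDP SPT=31469 DPT=31469 LEN=85",
    _reject("6834.102211", "203.0.113.7", "UDP", 31469, 31469, "LEN=85"),
    _reject("6835.500019", "203.0.113.88", "UDP", 31469, 31469, "LEN=85"),
    _reject("6836.771303", "198.51.100.23", "UDP", 31469, 31469, "LEN=85"),
    _reject("6840.000000", "198.51.100.9", "TCP", 44123, 22, "WINDOW=5840 RES=0x00 SYN URGP=0"),
    _reject("6840.000412", "198.51.100.9", "TCP", 44124, 23, "WINDOW=5840 RES=0x00 SYN URGP=0"),
    _reject("6840.000901", "198.51.100.9", "TCP", 44125, 3389, "WINDOW=5840 RES=0x00 SYN URGP=0"),
])

HDR_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Turn one netfilter/Shorewall log line into a dict, or None if it is not one."""
    m = HDR_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "action": m.group("action")}
    for key, val in KV_RE.findall(line[m.end():]):
        if key == "LEN" and "LEN" in rec:
            key = "L4LEN"  # the second LEN= is the UDP length, the first the IP total length
        rec[key] = val
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def summarize(records):
    """Group REJECTs by (proto, dport): packet count, distinct sources, SPT==DPT count."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set(), "same_port": 0})
    for r in records:
        if r.get("action") != "REJECT" or "DPT" not in r:
            continue
        g = groups[(r["PROTO"], int(r["DPT"]))]
        g["packets"] += 1
        g["sources"].add(r["SRC"])
        if r.get("SPT") == r["DPT"]:
            g["same_port"] += 1
    return groups


def likely_p2p_stragglers(groups, min_sources=3):
    """Heuristic (assumption): many peers -> one high UDP port looks like torrent/DHT
    peers chasing a port a NATed client used. Returns (dport, n_sources, n_same_port)."""
    return sorted((dport, len(g["sources"]), g["same_port"])
                  for (proto, dport), g in groups.items()
                  if proto == "UDP" and dport >= 1024 and len(g["sources"]) >= min_sources)


def likely_scanners(records, min_ports=3):
    """Heuristic (assumption): one remote source probing several local ports looks like a scan."""
    ports = defaultdict(set)
    for r in records:
        if r.get("action") == "REJECT" and "DPT" in r:
            ports[r["SRC"]].add((r["PROTO"], int(r["DPT"])))
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def tcpdump_filter(ports):
    """BPF expression to watch the suspect port(s) live on the external interface."""
    ports = sorted(set(ports))
    if not ports:
        return "udp"
    return "udp and (" + " or ".join(f"port {p}" for p in ports) + ")"


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    groups = summarize(recs)
    for (proto, dport), g in sorted(groups.items()):
        print(f"{proto}/{dport}: {g['packets']} pkts from {len(g['sources'])} sources, "
              f"{g['same_port']} with SPT==DPT")
    p2p = likely_p2p_stragglers(groups)
    print("probable peer traffic to closed port(s):", p2p)
    print("tcpdump filter:", tcpdump_filter(d for d, _, _ in p2p))
    print("probable scanners:", likely_scanners(recs))
```

Feed it the real log (`grep Shorewall /var/log/messages`) instead of the sample. Once a port stands out, the NAT question is answered by checking whether any tracked connection still uses it, for example `conntrack -L | grep 31469`, and by watching it live with `tcpdump -ni br0 udp port 31469`: if an internal host is actively torrenting on that port you will see replies flowing out through the masquerade, and if it only stopped recently the rejects are peers that have not yet noticed, which is the benign case rather than an attack.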
