On Tue, 4 Apr 2017, Kevin A. McGrail wrote:

> On 4/4/2017 9:14 PM, John Hardin wrote:
> > At the most basic you'd filter for the port spamd is listening on:
>
> Hmm, thinking about my firewall question in context with this issue of how to
> use tcpdump. I think we already have this info with this line:
>
> Apr 2 10:31:26 oss2 spamfilter: Sat Oct 15 16:24:54 2016 [2758] info: spamd:
> connection from ip6-localhost [::1]:56238 to port 783, fd 5

Yeah, I did see that. The netstat would probably catch something running
on the SA host itself. It actually would catch stuff from other hosts, but
it takes a snapshot where tcpdump captures and reports traffic as long as
it's running.

> So a grep -v should give the same info which from a spotcheck of the log
> snippet isn't going to identify another host.

"grep -v" of what? The logged info: lines (assuming they aren't being
discarded at the moment)?

That does work for identifying hosts, but it won't tell you what's on the
other end of the connection.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The tree of freedom must be freshened from time to time
with the blood of tyrants and tyrannosaurs.
-- DW, commenting on the GM6 Lynx .50BMG bullpup
-----------------------------------------------------------------------
9 days until Thomas Jefferson's 274th Birthday
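
Added example, not part of the original message or of SpamAssassin: one way to do the log check discussed above, counting spamd "connection from" lines per peer and dropping loopback peers by address. The first sample line is the one quoted in the thread; the other log lines, host names and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise spamd "connection from" log lines by non-loopback peer.

# Constructed sample log. Line 1 is the line quoted in the thread; the
# rest are made-up entries using documentation addresses.
sample_log() {
cat <<'EOF'
Apr 2 10:31:26 oss2 spamfilter: Sat Oct 15 16:24:54 2016 [2758] info: spamd: connection from ip6-localhost [::1]:56238 to port 783, fd 5
Apr 2 10:31:27 oss2 spamfilter: Sat Oct 15 16:24:55 2016 [2758] info: spamd: connection from localhost [127.0.0.1]:40112 to port 783, fd 5
Apr 2 10:31:28 oss2 spamfilter: Sat Oct 15 16:24:56 2016 [2758] info: spamd: connection from mx1.example.net [192.0.2.10]:51000 to port 783, fd 5
Apr 2 10:31:29 oss2 spamfilter: Sat Oct 15 16:24:57 2016 [2758] info: spamd: processing message for user:1001
Apr 2 10:31:30 oss2 spamfilter: Sat Oct 15 16:24:58 2016 [2758] info: spamd: connection from mx1.example.net [192.0.2.10]:51002 to port 783, fd 5
Apr 2 10:31:31 oss2 spamfilter: Sat Oct 15 16:24:59 2016 [2758] info: spamd: connection from relay6.example.net [2001:db8::25]:43210 to port 783, fd 5
EOF
}

# Reads a log on stdin; prints "count address hostname" per remote peer,
# most frequent first.
remote_spamd_peers() {
    awk '
    /spamd: connection from / {
        for (i = 1; i <= NF - 3; i++) {
            if ($i == "connection" && $(i + 1) == "from") {
                host = $(i + 2)
                addr = $(i + 3)               # looks like [ip]:port
                sub(/^\[/, "", addr)          # drop the leading bracket
                sub(/\]:[0-9]+$/, "", addr)   # drop the bracket and source port
                # Filter on the logged address, not the resolved name.
                if (addr == "::1" || addr ~ /^127\./ || addr ~ /^::ffff:127\./)
                    next
                seen[addr " " host]++
                next
            }
        }
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
sample_log | remote_spamd_peers
```

As noted in the message, this only identifies which hosts connected; it says nothing about what process is on the other end.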