[CentOS] log outbound port 80 connections
John R Pierce
pierce at hogranch.com
Tue Feb 5 17:29:30 UTC 2008
Tony Schreiner wrote:
>> assuming you want to log user web browsing traffic, configuring a
>> Squid transparent proxy at your network border would be the best
>> way. its logfiles are quite similar to those of a webserver, so you
>> can use a wide range of log analysis tools.
>>
>
> To get more specific about what's going on. My network services have
> informed me that the machine is probing other systems at a high rate.
> An infection of some sort. And I'm trying to track down what's going on.
ah. tcpdump -i ethX tcp port 80
(and prepare for a flood of data).
More information about the CentOS
mailing list