[CentOS] log outbound port 80 connections

Tue Feb 5 17:29:30 UTC 2008
John R Pierce <pierce at hogranch.com>

Tony Schreiner wrote:
>> assuming you want to log user web browsing traffic, configuring a 
>> Squid transparent proxy at your network border would be the best 
>> way.  its logfiles are quite similar to those of a webserver, so you 
>> can use a wide range of log analysis tools.
>>
>
> To get more specific about what's going on.  My network services have 
> informed me that the machine is probing other systems at a high rate. 
> An infection of some sort. And I'm trying to track down what's going on.

ah.  tcpdump -i ethX tcp port 80

(and prepare for a flood of data).