is there a log/ how do i make a log that logs every packet inbound or outbound through my server?
I want every packet or packet fragment to be logged that comes to my server.
"Is there a log" - probably not.
How to make one - use snoop. Man page description:
snoop captures packets from the network and displays their contents. snoop uses both the network packet filter and streams buffer modules to provide efficient capture of packets from the network. Captured packets can be displayed as they are received, or saved to a file (which is RFC 1761-compliant) for later inspection.
Warning - you better read the man page, know what you are doing, or have more disk space than EMC. Snoop will fill up a disk quickly if you leave it running all the time. Plus, you would never have the time to go through all the data - learn to use it, and then filter out what you don't need.
I think you can use a sniffer, because it can view and capture every packet in your network...
Here:
Aldebaran sniffer v3.0
http://www.rogala.3d.pl
Platforms: Linux
..................................................................................
Aldebaran sniffer v3.0.2
http://www.rogala.3d.pl
Platforms: Linux
..................................................................................
Altivore 0.9.3
Platforms: N/A
..................................................................................
Analyzer
http://netgroup-serv.polito.it/analyzer/
Platforms: Windows 2000, Windows 95/98, Windows NT
..................................................................................
Anger 1.33
http://www.securityfocus.com/tools/5
Platforms: AIX, BSDI, DG-UX, Digital UNIX/Alpha, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, SCO, Solaris, SunOS, True64 UNIX, UNIX, Unixware
..................................................................................
ARP MITM
Platforms: Linux, Solaris, UNIX
..................................................................................
ARP0c connection interceptor
http://www.phenoelit.de/fr/tools.html
Platforms: Linux, UNIX
..................................................................................
ASniffer 1.0 beta 4
http://www.asniffer.com/download.html
Platforms: Windows 2000, Windows 95/98, Windows NT
..................................................................................
COLD
http://www.panservice.it/cold/
Platforms: Linux
..................................................................................
Coopersniff 0.1
http://www4.50megs.com/sniffer/index.html
Platforms: Windows NT
..................................................................................
Despoof 0.9
http://razor.bindview.com/tools/desc/despoof_readme.html
Platforms: FreeBSD, Linux, OpenBSD
..................................................................................
Dsniff 2.3
http://www.monkey.org/~dugsong/dsniff/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Solaris
..................................................................................
Echelon for Dummies
http://1337.tsx.org/
Platforms: AIX, FreeBSD, IRIX, Linux, NetBSD, OpenBSD, Solaris
..................................................................................
Epan
http://www.et-inf.fho-emden.de/~tobias/epan/
Platforms: FreeBSD, Linux, Solaris, True64 UNIX, Ultrix
..................................................................................
ethereal-0.9.4
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, SCO, Solaris, True64 UNIX
..................................................................................
ettercap
http://ettercap.sourceforge.net/
Platforms: Linux, xBSD, Mac OS X (darwin 1.3)
..................................................................................
Gnusniff
http://www.ozemail.com.au/~peterhawkins/gnusniff.html
Platforms: Linux
..................................................................................
GreedyDog 1.30
http://shadowpenguin.backsection.net
Platforms: FreeBSD, IRIX, Linux, Solaris, SunOS
..................................................................................
hunt 1.5
http://lin.fsid.cvut.cz/~kra/index.html
Platforms: Linux, Solaris, UNIX
..................................................................................
IPgrab 0.9.6
http://ipgrab.sourceforge.net/
Platforms: FreeBSD, Linux, Solaris
..................................................................................
ippl
http://www.via.ecp.fr/~hugo/ippl/
Platforms: Linux
..................................................................................
KSniffer 0.1.5
http://ksniffer.veracity.nu/
Platforms: Linux
..................................................................................
ksnuffle 2.2
http://www.quaking.demon.co.uk/ksnuffle.html
Platforms: Linux
..................................................................................
LanKiller v1.0
http://www.securityfocus.com/tools/2015
Platforms: Linux
..................................................................................
NATAS 3.00.01
http://intex.ath.cx/natas.shtml
Platforms: Windows 2000
..................................................................................
netlog
http://www.securityfocus.com/tools/136
Platforms: SunOS
..................................................................................
ngrep v1.40
http://ngrep.sourceforge.net/
Platforms: AIX, Digital UNIX/Alpha, FreeBSD, IRIX, Linux, OpenBSD, Solaris, Windows 2000, Windows 95/98, Windows NT
..................................................................................
NtSniff
http://www.maticad.it/davide
Platforms: Windows NT
..................................................................................
Pdump 0.8
http://pdump.lucidx.com/
Platforms: Linux, SunOS
..................................................................................
RawSnif v0.8
http://nightfallsecurity.com/downloads/rawsnif.html
Platforms: FreeBSD, Linux, OpenBSD
..................................................................................
readsmb
http://www.basementresearch.net
Platforms: BSDI, FreeBSD, Linux, NetBSD, OpenBSD
..................................................................................
RelayTCP
http://www.dlcsistemas.com/html/relay_tcp.html
Platforms: Windows 2000, Windows 95/98, Windows NT
..................................................................................
RPCAP v0.1
http://srikrishnan.freeservers.com/
Platforms: Linux
..................................................................................
Serial line sniffer v0.3.4
http://www.azstarnet.com/~ymg/software.html
Platforms: Linux
..................................................................................
Smit 0.12
http://www.starzetz.de
Platforms: Linux
..................................................................................
sniffer 0.5
http://stev.org/sniffer.html
Platforms: Linux
..................................................................................
sniffit
http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Platforms: FreeBSD, IRIX, Linux, Solaris, SunOS
..................................................................................
Sniffit 0.3.7.beta
http://www.symbolic.it/Prodotti/sniffit.html
Platforms: Windows 2000, Windows NT
..................................................................................
Snuff 0.8.2
http://ns2.crw.se/~tm/projects/snuff/index.html
Platforms: Linux
..................................................................................
Super Sniffer v1.30
http://www.mobis.com/ajax/projects/
Platforms: BSDI, Digital UNIX/Alpha, FreeBSD, IRIX, Linux, NetBSD, OpenBSD, Solaris, SunOS, Ultrix
..................................................................................
Tcpflow 0.20
http://www.circlemud.org/~jelson/software/tcpflow/
Platforms: Linux
..................................................................................
Traffic-vis 0.34
http://www.mindrot.org/files/traffic-vis-0.34.tar.gz
Platforms: Linux
..................................................................................
Tvark alpha
http://www.securityfocus.com/tools/2075
Platforms: FreeBSD, NetBSD, OpenBSD
..................................................................................
WCI 2.1
http://www.phenoelit.de
Platforms: Windows 2000, Windows 95/98, Windows NT
..................................................................................
Win Sniffer Console 1.1
www.winsniffer.com
Platforms: Windows 2000, Windows 95/98, Windows NT
..................................................................................
Win Sniffer v1.22
www.winsniffer.com
Platforms: Windows 2000, Windows 95/98, Windows NT
..................................................................................
WinDump: tcpdump for Windows
http://netgroup-serv.polito.it/windump/default.htm
Platforms: Windows 2000, Windows 95/98, Windows NT
Or, you can just use ipchains for this:
/sbin/ipchains -A input -l -p all
/sbin/ipchains -A output -l -p all
and then set a script to parse /var/log/messages (default for syslogd to send log entries from ipchains):
grep "Packet log: input" /var/log/messages > "$HOME/input_log"
grep "Packet log: output" /var/log/messages > "$HOME/output_log"
Then just save these files off-site. However, lots of people just like to use someone's tools to do the same thing, but hey, ipchains comes with a lot of distros nowadays, why not use it?
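An added example (not from this thread) of the kind of script the ipchains post suggests: it parses "Packet log:" syslog entries, splits them by chain in one pass instead of two greps, and summarises packets and bytes per protocol and destination port. The field layout is assumed from the 2.2-kernel ipchains logger and the log lines are constructed.

```python
# Added example: parse ipchains "Packet log:" entries from /var/log/messages.
# Assumed layout: Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=<len> ...
import re
from collections import Counter, defaultdict

PACKET_LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return a dict for an ipchains log line, or None for any other syslog line."""
    m = PACKET_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))  # ICMP: fields are type:code
    return rec

def split_by_chain(lines):
    """Group parsed records by chain (input/output/forward) in a single pass."""
    by_chain = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            by_chain[rec["chain"]].append(rec)
    return dict(by_chain)

def summarize(records):
    """Packets and bytes per (protocol, destination port): which services are being hit."""
    packets, byte_total = Counter(), Counter()
    for rec in records:
        key = (rec["proto_name"], rec["dport"])
        packets[key] += 1
        byte_total[key] += rec["length"]
    return packets, byte_total

# Constructed sample of /var/log/messages; the sshd line shows that non-packet noise is skipped.
SAMPLE_LOG = """\
Jan 12 10:01:02 srv kernel: Packet log: input - eth0 PROTO=6 10.0.0.5:40112 192.168.1.10:22 L=60 S=0x00 I=12345 F=0x4000 T=64 SYN (#1)
Jan 12 10:01:02 srv kernel: Packet log: output - eth0 PROTO=6 192.168.1.10:22 10.0.0.5:40112 L=60 S=0x00 I=0 F=0x4000 T=64 (#1)
Jan 12 10:01:03 srv kernel: Packet log: input - eth0 PROTO=17 10.0.0.5:51000 192.168.1.10:53 L=73 S=0x00 I=22222 F=0x0000 T=64 (#1)
Jan 12 10:01:04 srv kernel: Packet log: input - eth0 PROTO=6 10.0.0.7:33000 192.168.1.10:22 L=60 S=0x00 I=33333 F=0x4000 T=64 SYN (#1)
Jan 12 10:01:05 srv sshd[123]: Accepted publickey for admin from 10.0.0.5
"""
```

Run it over the real file with `split_by_chain(open("/var/log/messages"))`; the per-port counters are what you would actually look at before the raw log fills the disk the snoop answer warns about.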
If you want to build advanced logging and to analyze automatically whether there are attacks or similar, just try SNORT. This is an open source IDS (Intrusion Detection System). Please note that it is better to shut down all unnecessary network services on your servers. It makes everything easier.