[Dshield] Port 2500

Ryan McConigley ryan at csse.uwa.edu.au
Mon Mar 21 01:13:09 GMT 2005


	Just a follow-up.  Found out what the port 2500 was, it was running 
Gnucleus, a p2p app (as pointed out by Stephane).  As for how I captured 
the packets.  They were caught on our boundary firewall using tcpdump with 
the command: tcpdump -i br0 'src host <machine_IP> or dst host 
<machine_IP>' -s 0 -w /tmp/machine.dump

	We use a bridging firewall, hence the interface of br0.  I believe that is 
the correct command to log all packets too or from an IP address, but I'm 
the first to admit, its been a while since I've used tcpdump, so I could be 
completely wrong.

	Cheers,
		Ryan.
--
           Ryan McConigley - Systems Administrator                  _.-,
      Computer Science   University of Western Australia        .--'  '-._
        Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089       _/`-  _      '.
Ryan[@]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ryan  '----'._`.----. \
                                                                      `     \;
  "You're just jealous because the voices are talking to me"                ;_\






More information about the list mailing list