[Dshield] Port 7730

Johannes B. Ullrich jullrich at sans.org
Fri Feb 17 16:55:51 GMT 2006



tcpdump -w /tmp/capture udp port 7730

don't forget to add '-s 1600' to get full payloads

tcpdump -s 1600 -w /tmp/capture udp port 7730

also... I always first just do

tcpdump -s 1600 -w /tmp/capture

and then apply filters to the capture file if possible...
In particular if you want to work out 'mystery traffic', you may want to
see if there is other traffic that triggers the mystery traffic (e.g.
once you find a host that you exchange data with on udp 7730, you may
want to figure out what else you received from them/sent to them)




--
---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.



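The workflow the message describes (capture everything with a full snaplen, filter the file by port afterwards, then pivot to everything else exchanged with the hosts that showed up on udp 7730) as an added example; this is not part of the original post. With tcpdump itself the pivot is `tcpdump -r /tmp/capture 'udp port 7730'` to learn the peer addresses, then `tcpdump -r /tmp/capture 'host <peer>'` to see the rest of the conversation with each of them. The Python below performs the same two steps on a constructed in-memory pcap so it runs offline; the addresses, ports other than 7730, and function names are assumptions.

```python
import struct
from collections import defaultdict

# ---- Constructed sample capture in the pcap format tcpdump -w writes (hypothetical data) ----

def _ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))

def _frame(src, dst, proto, sport, dport, payload=b""):
    """Ethernet/IPv4 frame carrying UDP (proto 17) or TCP (proto 6) with the given ports."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # minimal 20-byte TCP header, data offset 5, PSH|ACK, no checksum
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     _ip_bytes(src), _ip_bytes(dst)) + l4
    return b"\x00" * 12 + b"\x08\x00" + ip  # dummy MACs, EtherType 0x0800 (IPv4)

def build_sample_capture():
    """One local host talking to two remotes; only one remote touches udp/7730 (constructed)."""
    local, peer, other = "10.0.0.5", "203.0.113.7", "198.51.100.2"
    frames = [
        _frame(other, local, 17, 53, 40001, b"dns"),          # unrelated DNS reply
        _frame(peer, local, 17, 7730, 7730, b"mystery"),      # the mystery traffic
        _frame(local, peer, 17, 7730, 7730, b"reply"),        # and our answer to it
        _frame(peer, local, 6, 51000, 445, b"smb"),           # same peer, different service
        _frame(local, other, 6, 40002, 80, b"GET"),           # unrelated HTTP request
    ]
    # pcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen 1600, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1600, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1140194151 + i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, incl, orig
    return out

# ---- Reader: the equivalent of tcpdump -r, reduced to the fields needed for the pivot ----

def parse_pcap(data):
    """Return one dict per Ethernet/IPv4 packet: ts, src, dst, proto, sport, dport, length."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    offset, packets = 24, []
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl]
        offset += incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet; skip
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto = ip[9]
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        sport = dport = None
        if proto in (6, 17) and len(ip) >= ihl + 4:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])  # first 4 bytes of TCP and UDP alike
        packets.append(dict(ts=ts_sec + ts_usec / 1e6, src=src, dst=dst, proto=proto,
                            sport=sport, dport=dport, length=orig))
    return packets

# ---- The pivot the message recommends ----

def pivot_on_port(packets, port, local_host, proto=17):
    """Step 1: remote hosts seen on <proto>/<port>. Step 2: everything *else* exchanged with them."""
    def on_port(p):
        return p["proto"] == proto and port in (p["sport"], p["dport"])

    peers = {h for p in packets if on_port(p) for h in (p["src"], p["dst"]) if h != local_host}
    other = defaultdict(list)
    for p in packets:
        if on_port(p):
            continue
        for h in peers:
            if h in (p["src"], p["dst"]):
                other[h].append(p)
    return peers, dict(other)

if __name__ == "__main__":
    pkts = parse_pcap(build_sample_capture())
    peers, other = pivot_on_port(pkts, 7730, local_host="10.0.0.5")
    for h in sorted(peers):
        print(f"{h}: udp/7730 peer; other traffic with it:")
        for p in other.get(h, []):
            print(f"  proto={p['proto']} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}")
```

The reader deliberately ignores checksums and anything that is not Ethernet/IPv4, which is enough for a port-to-host pivot; the `local_host` argument keeps your own address out of the peer set so the second step does not pull in the whole capture.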