Subj : Re: RFI-Software: We want to see what our network is sending to the cable modem.
To   : alt.os.linux.smoothwall,comp.os.linux,comp.os.linux.networking,comp.os.linux.security
From : w4tch3r
Date : Wed Jun 16 2004 12:30 am

In article <40ccf44b$0$11525$afc38c87@news.optusnet.com.au>, sizequeens@optusnet.com.au says...
> Our question is: We will run linux on the laptop to act as a router and
> sniffer but what EXACT softwares should I run.
>
> We need a BaseOS, router, packet sniffer and decent log analyzer for linux.
>
>

Don't forget also, for some basic tests, you have some options that can be run from right on smoothwall itself. Start with an "ifconfig" or "ip addr" and figure out the name of your external interface (most likely, it's one of eth0, eth1 or eth2 - the one which does not have an internal ip 192.168.x.x or 10.0.x.x for example), then you can do either of the following to get info on every packet coming/going from the red interface (for my examples, eth0 is the red interface):

  tcpdump -i eth0        <---- will give you a one line summary for every packet, you can see source and destination ips
  snort -v -i eth0       <---- will give you the header for every packet
  snort -v -x -i eth0    <---- will dump the contents of every packet

tcpdump also has extensive filtering capabilities. You can filter on pretty much all TCP packet attributes (source, dst, size, protocol, flags, etc.).
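
As an added example (not part of w4tch3r's post), the script below uses a tcpdump flag filter on the red interface to keep only the first packet of each connection opened from the local side, then tallies the destinations. The names RED_IF, RED_IP, syn_filter and tally_destinations, the addresses, and the sample lines are assumptions constructed for illustration; the sample uses the one-line format printed by current tcpdump releases.

```shell
#!/bin/sh
# Added example. RED_IF and RED_IP are assumptions; addresses are constructed.
RED_IF=${RED_IF:-eth0}          # red (external) interface, as in the post
RED_IP=${RED_IP:-203.0.113.7}   # address seen on red (documentation range)

# BPF filter: TCP packets sent by $1 with SYN set and ACK clear, i.e. the
# first packet of every connection opened from our side.
syn_filter() {
    printf 'src host %s and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' "$1"
}

# Read "tcpdump -n" lines on stdin; print "count dst_ip dst_port", busiest first.
tally_destinations() {
    awk '$2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)     # drop the trailing colon
            n = split(dst, p, ".")           # a.b.c.d.port
            if (n != 5) next                 # no port (ICMP and similar): skip
            count[p[1] "." p[2] "." p[3] "." p[4] " " p[5]]++
         }
         END { for (k in count) print count[k], k }' |
        LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample of "tcpdump -n" output so the tally can be run offline.
sample_capture() {
    cat <<'EOF'
12:30:01.000101 IP 203.0.113.7.51514 > 198.51.100.20.80: Flags [S], seq 1, win 5840, length 0
12:30:01.200340 IP 203.0.113.7.51515 > 198.51.100.20.80: Flags [S], seq 7, win 5840, length 0
12:30:02.004410 IP 203.0.113.7.40022 > 192.0.2.25.25: Flags [S], seq 3, win 5840, length 0
12:30:02.500000 IP 203.0.113.7.51516 > 198.51.100.20.443: Flags [S], seq 9, win 5840, length 0
12:30:03.100000 IP 203.0.113.7.40023 > 192.0.2.25.25: Flags [S], seq 5, win 5840, length 0
12:30:04.900000 IP 203.0.113.7.51517 > 198.51.100.20.80: Flags [S], seq 2, win 5840, length 0
EOF
}

# Live use as root: RUN_LIVE=1 sh this-script   (stops after 200 packets)
if [ "${RUN_LIVE:-0}" = 1 ]; then
    tcpdump -n -c 200 -i "$RED_IF" "$(syn_filter "$RED_IP")" | tally_destinations
else
    sample_capture | tally_destinations
fi
```

A destination or port in the tally that nobody on the LAN can account for is the thing to chase with a full packet dump.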