Personally I prefer tcpflow over tcpdump since it provides colouring which can make things easier to view. This is especially useful on systems where you can't easily transfer files (i.e., the packet capture file) from.
In my experience ICMP is usually blocked. nmap can instead be used to test connectivity on the relevant port with a SYN scan.
Cool, I never heard of tcpflow. However, it appears this tool only handles tcp, not other transport protocols like udp, right?
Also, regarding icmp, although it is often blocked, you can modify the encapsulation so instead of ip->icmp, you can modify it such that it rides on udp.
Cool, I never heard of tcpflow. However, it appears this tool only handles tcp, not other transport protocols like udp, right?
Yea, in that case you should use tcpdump or something else. I just like the colouring.
Also, regarding icmp, although it is often blocked, you can modify the encapsulation so instead of ip->icmp, you can modify it such that it rides on udp.
Only what is absolutely necessary is let through by the firewall in my past experience. This includes disabling inbound UDP if the application does not need it. SYN scans work because you can poke the ports being used by the application.
Thanks Jonathan, will use tcpflow next time I deal with the packets and the directions.