capture incoming telnet requests all the time using tcpdump


I want to check whether I get any incoming telnet requests. After googling, I found out that tcpdump can be used for this purpose. This is the tcpdump command I would use.

$ tcpdump -i wlan0 -w telReqCapt.pcap 'dst host <myIpAddress> and port 23'

However, I am not able to think of a way to make sure this monitoring is ALWAYS done. How do I do this?

I have thought of a few approaches.

  1. Every time I log in, I will run the tcpdump command. However, this has to be done manually every time.

  2. I will add the tcpdump command to my ~/.bashrc so that every time I open a terminal, the tcpdump command will run. But I don't know what will happen if I open two terminals (or two bash sessions) at the same time. I feel there will be an issue because both tcpdump processes will try to write to the same file.

  3. Write a bash script containing the tcpdump command and make it run every time the system boots, using upstart (/etc/init/) (I use Ubuntu) or by putting the script in /etc/init.d.

I think approach 3 is best suited to my needs, because I want to monitor whether I get incoming telnet requests for the entire time the machine is up (from the moment it boots until it is powered off).

However, please let me know if this approach has any problems. Can I start tcpdump every time my system boots? Is there anything I need to take care of while following this approach? Any performance issues?

Finally, is there ANY OTHER way I can use tcpdump to capture incoming telnet requests all the time (from the time the machine boots up until it is powered off)?

sps

Posted 2015-11-01T07:55:33.833


Just thinking out loud, why not let Netcat listen on TCP/23, forward the traffic to an alternative TCP port where the telnet daemon is listening, and let Netcat log everything to a file? tcpdump seems to be quite "heavy" for just this job. – Jeroen – 2015-11-01T11:44:09.467

@Jeroen-ITNerdbox thank you for the suggestion. I will try to learn netcat. I recently learned tcpdump, so I was thinking I would use it to see if I get any telnet requests. – sps – 2015-11-01T11:52:53.700

Don't use tcpdump. Use iptables. – Konrad Gajewski – 2015-11-02T17:58:58.930

Answers


If you want it to start automatically when you turn the computer on, writing a startup script like you describe in option 3 is the best. The important thing to remember is that the environment, particularly the search path and current working directory, may not be what you expect. Use full paths (not relative paths) everywhere.

If you want to start manually but have it keep running until shutdown, there are programs such as nohup or screen that let you do this.

Mark

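As an added example (not code from the question or the answer above), here is a wrapper script of the kind that approach 3 and Mark's answer call for: something that can be run from /etc/init.d or an upstart job, uses absolute paths throughout because the boot environment has no useful PATH or working directory, refuses to start a second copy (the two-terminals problem from approach 2), rotates the capture file daily so one pcap does not grow unbounded, and drops tcpdump's privileges once the capture socket is open. The capture directory, pidfile and unprivileged user name are assumptions for illustration, as is the tcpdump location /usr/sbin/tcpdump. Note the filter keyword is `dst`, not `dest`; `dest host` is not valid pcap-filter syntax and tcpdump rejects it.

```shell
#!/bin/sh
# Persistent telnet-request capture, meant to be started at boot.
# Added example; not from the original post. Paths and the user name below
# are assumptions: adjust them for your system.

CAPTURE_DIR=${CAPTURE_DIR:-/var/log/telnet-capture}   # assumed; must be writable by DROP_USER
PIDFILE=${PIDFILE:-/var/run/telnet-capture.pid}      # assumed
DROP_USER=${DROP_USER:-tcpdump}                      # assumed unprivileged account
TCPDUMP=${TCPDUMP:-/usr/sbin/tcpdump}                # absolute path: no PATH lookup at boot

# Print the full tcpdump command line for interface $1 and local address $2.
#   -n        no DNS lookups (one fewer thing that can stall at boot)
#   -Z user   drop root after the capture socket is opened
#   -G 86400  start a new file every 24 h; -w uses strftime escapes for the name
#   filter    inbound only: packets addressed to us on TCP port 23
capture_cmd() {
    iface=$1
    myip=$2
    printf '%s -i %s -n -Z %s -G 86400 -w %s/telnet-%%Y%%m%%d-%%H%%M%%S.pcap dst host %s and tcp dst port 23' \
        "$TCPDUMP" "$iface" "$DROP_USER" "$CAPTURE_DIR" "$myip"
}

# Return 0 if the pidfile $1 names a live process, 1 otherwise.
# This is what stops two copies from writing to the same files.
already_running() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(/bin/cat "$pidfile")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Start the capture in the background and record its PID. Must run as root
# (tcpdump needs it to open the interface; -Z gives it up afterwards).
start_capture() {
    iface=$1
    myip=$2
    if already_running "$PIDFILE"; then
        echo "telnet capture already running" >&2
        return 1
    fi
    /bin/mkdir -p "$CAPTURE_DIR"
    # Word-split the command string into arguments (no spaces in our paths).
    set -- $(capture_cmd "$iface" "$myip")
    "$@" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Usage from an init script:  start_capture wlan0 192.0.2.10
case "${1:-}" in
    start) start_capture "$2" "$3" ;;
esac
```

With `-Z`, the capture directory has to be writable by the unprivileged user, otherwise the first rotation fails. The pidfile check relies on `kill -0`, which only answers reliably when the script runs as root (as it does at boot); run as another user it would report a root-owned tcpdump as "not running". If instead you start the capture by hand and want it to survive logout, as Mark's answer mentions, `nohup` or `screen` around the same command does the job without the pidfile logic.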