Ask Your Question
0

How to log attempts of attack - before machine is crashing ?

asked 2019-06-10 18:34:49 +0000

penguin1024 gravatar image

updated 2019-06-10 18:36:18 +0000

Hi all !

I want to log the traffic in wireshark (over eth0 or enp2s0 or any) before the machine might crash. For example somebody tried to attack 4 days ago - the BlackHat tried to install keylogger into gdm of gnome - and too he tried to scan my password. Because my password is behaving like a worm, which fires back by scan - the machine (with Solus 4.0) crashed - is there somewhere a log-file of wireshark about this crash ? - where I can see, which ip this was and so on ? - How would I have to adjust wireshark to log crashes too, when attacker is firing like he did it 4 days ago ? (my password is behaving like a bomb with exploding salad, at least 1,4 GiBi - when attacker want so scan it.) Cheers.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-11 21:53:57 +0000

Hi Penguin1024,

You may run Wireshark in the background of your Linux distro but it may end up capturing a lot of traffic for nothing if you just start capturing traffic blindly.

You could use the circular buffer feature to keep only the last hour of traffic or the last X gigabytes of traffic. You'll need to figure out what works best for you depending on available storage and also on how often you'll be on the box to actually notice the attempted hack.

That being said, Wireshark will capture raw packets so you'll to go through the capture to figure out what IP address or addresses the hacker used. In other words, you'll need to filter out the good packets from the bad packets.

Hope this helps.

Cheers,

JFD

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-06-10 18:34:49 +0000

Seen: 193 times

Last updated: Jun 11 '19