
How to log attempts of attack - before machine is crashing ?

asked 2019-06-10 18:34:49 +0000 by penguin1024, updated 2019-06-10 18:36:18 +0000

Hi all!

I want to log the traffic in Wireshark (over eth0 or enp2s0 or any) before the machine might crash. For example, somebody tried to attack 4 days ago - the BlackHat tried to install a keylogger into gdm of GNOME - and he also tried to scan my password. Because my password is behaving like a worm, which fires back when scanned, the machine (with Solus 4.0) crashed - is there somewhere a log file of Wireshark about this crash? - where I can see which IP this was and so on? - How would I have to adjust Wireshark to log crashes too, when the attacker is firing like he did 4 days ago? (My password is behaving like a bomb with exploding salad, at least 1.4 GiB, when the attacker wants to scan it.) Cheers.


1 Answer


answered 2019-06-11 21:53:57 +0000

Hi Penguin1024,

You may run Wireshark in the background of your Linux distro but it may end up capturing a lot of traffic for nothing if you just start capturing traffic blindly.

You could use the circular buffer feature to keep only the last hour of traffic or the last X gigabytes of traffic. You'll need to figure out what works best for you depending on available storage and also on how often you'll be on the box to actually notice the attempted hack.

That being said, Wireshark will capture raw packets, so you'll need to go through the capture to figure out what IP address or addresses the hacker used. In other words, you'll need to filter out the good packets from the bad packets.

Hope this helps.

Cheers,

JFD

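The ring-buffer capture and the follow-up sorting of addresses that the answer describes, as an added example that is not part of the original post or of Wireshark itself; the interface name, output directory and size budget are assumptions, and only the dumpcap/tshark options shown are used:

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Builds a dumpcap ring-buffer capture as the answer suggests: the ring keeps
# the newest files and deletes the oldest, so a capture can run unattended
# without filling the disk. Interface name and output directory are assumptions.

# ring_files BUDGET_MB FILE_MB
# Number of ring files that fit in a disk budget (never fewer than 2).
ring_files() {
    n=$(( $1 / $2 ))
    if [ "$n" -lt 2 ]; then n=2; fi
    echo "$n"
}

# ring_cmd IFACE OUTDIR BUDGET_MB FILE_MB SECONDS
# Prints the dumpcap command line. dumpcap rotates on whichever limit is hit
# first: -b filesize: (in kB) or -b duration: (seconds); -b files: caps the ring.
ring_cmd() {
    files=$(ring_files "$3" "$4")
    echo "dumpcap -i $1 -w $2/ring.pcapng -b filesize:$(( $4 * 1000 )) -b duration:$5 -b files:$files"
}

# start_ring_capture [IFACE] [OUTDIR]
# Runs the capture detached: 2000 MB budget, 100 MB files, rotate at least hourly.
# dumpcap needs capture privileges (e.g. membership in the wireshark group).
start_ring_capture() {
    outdir=${2:-/var/log/pcap}            # assumed location
    mkdir -p "$outdir"
    cmd=$(ring_cmd "${1:-eth0}" "$outdir" 2000 100 3600)
    nohup $cmd >/dev/null 2>&1 &
}

# ring_summary OUTDIR
# After the box is back up, list IP conversations per ring file so the
# addresses that talked to it can be picked out before opening the files
# in Wireshark and filtering down to the suspicious ones.
ring_summary() {
    for f in "${1:-/var/log/pcap}"/ring*.pcapng; do
        [ -f "$f" ] || continue
        echo "== $f"
        tshark -r "$f" -q -z conv,ip
    done
}
```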
