May 19, 2011
Let’s say I want to collect the following info on a set of servers locally to the system:
– any tcp or udp connection (in or out) and the source and dest ports – but only to or from a specific set of hosts.
– uniqued so I don’t have more than one copy of any connection
what would be the least invasive way to do that? I thought of something like tcpdump – but that seems expensive. I also thought about trying to do something like it with iptables logging – but I’m not sure how much control I can get from the output of the logs.
May 4, 2011
or is it a canard?
or is it maybe a red fish?
so hard to tell these days.
just ignore this.