1. tcpdump
-
Monitoring incoming TCP connections. On Linux, this could be done with iptables, but tcpdump is available on multiple platforms, so this is a more general solution:
# tcpdump 'dst host <hostname> and
           dst port <port> and
           tcp[tcpflags] & tcp-syn != 0 and
           tcp[tcpflags] & tcp-ack == 0'

The first two lines select the host and TCP port. The third line selects packets with the SYN flag set. Because of the three-way handshake, this line alone would log not only the incoming initial connection packet but also the response packet, which has both SYN and ACK flags set. The fourth line filters out this response packet.
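To make the flag logic concrete, here is an added Python model of the filter expression above (not tcpdump code, and not from the original page): it parses the flags byte that tcp[tcpflags] refers to out of constructed 20-byte TCP headers and shows which of four sample packets the SYN clause alone would admit versus the full expression. The watched host 192.0.2.10 and port 22, the peer 198.51.100.7 and all packets are constructed sample values.

```python
import struct

# Flag bits as tcpdump names them: tcp-syn == 0x02, tcp-ack == 0x10.
# tcp[tcpflags] is byte 13 of the TCP header.
TCP_SYN = 0x02
TCP_ACK = 0x10
FLAGS_OFFSET = 13


def build_tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Construct a minimal 20-byte TCP header (no options) as sample input."""
    data_offset = 5 << 4  # header length: 5 x 32-bit words
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, data_offset, flags, 65535, 0, 0)


def tcp_dst_port(hdr: bytes) -> int:
    return struct.unpack("!H", hdr[2:4])[0]


def tcp_flags(hdr: bytes) -> int:
    return hdr[FLAGS_OFFSET]


def syn_set(hdr: bytes) -> bool:
    """Third clause only: tcp[tcpflags] & tcp-syn != 0 (admits SYN and SYN-ACK)."""
    return tcp_flags(hdr) & TCP_SYN != 0


def syn_only(hdr: bytes) -> bool:
    """Third and fourth clauses: SYN set and ACK clear (the initial connection packet)."""
    return syn_set(hdr) and tcp_flags(hdr) & TCP_ACK == 0


def matches_filter(dst_host: str, hdr: bytes, watched_host: str, watched_port: int) -> bool:
    """Model of the whole expression; dst_host comes from the IP layer, the rest from TCP."""
    return dst_host == watched_host and tcp_dst_port(hdr) == watched_port and syn_only(hdr)


# Constructed sample traffic for a watched host 192.0.2.10, port 22 (hypothetical values).
WATCHED_HOST, WATCHED_PORT = "192.0.2.10", 22
SAMPLES = {
    "client SYN": ("192.0.2.10", build_tcp_header(40000, 22, TCP_SYN)),
    "server SYN-ACK": ("198.51.100.7", build_tcp_header(22, 40000, TCP_SYN | TCP_ACK)),
    "client ACK": ("192.0.2.10", build_tcp_header(40000, 22, TCP_ACK)),
    "SYN-ACK to watched port": ("192.0.2.10", build_tcp_header(40000, 22, TCP_SYN | TCP_ACK)),
}


def classify(samples=SAMPLES) -> dict:
    """For each sample: (passes the SYN clause alone, passes the full filter)."""
    return {name: (syn_set(h), matches_filter(d, h, WATCHED_HOST, WATCHED_PORT))
            for name, (d, h) in samples.items()}


if __name__ == "__main__":
    for name, (syn, full) in classify().items():
        print(f"{name:24} syn-clause={syn!s:5} full-filter={full}")
```

The last sample is the case the fourth clause exists for: a packet with both SYN and ACK set and addressed to the watched port passes the SYN clause but is dropped by the full expression.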
