4

I have installed Ubuntu Lucid on a VPS. I installed a webserver, and also a mail server (POSTFIX).

What I noticed is that some websites are continuously pinging my domain*. I have also received a number of SPAM mail that is delivered to my IP.

What I want is an utility that record every ping or request to every port in my VPS. Is there something like that?

  • I noticed this reading my webserver log which showed that some sites were requesting resources (images) from some dead links on my domain
Omar Abid
  • 143
  • Your router is likely to already do this. – Rinzwind Jan 08 '12 at 17:38
  • 1
    If it is a public server you are going to get overwhelmed with background noise fast. IMO it is better to either rate limit ping (with ufw or iptables) or monitor your network traffic with a tool such as snort. Yes there is a learning curve with snort, but the advantage is that it will filter through all the background traffic and alert you to the traffic you should worry about. An alternate , light weight solution would be psad. I have a write up on psad on my web page - http://bodhizazen.net/Tutorials/psad – Panther Jan 08 '12 at 17:41

2 Answers2

10
sudo tcpdump -i eth0 proto \\icmp

If you wanna monitor an interface other that eth0, provide it's name in place of eth0.

Shan Valleru
  • 301
  • 2
  • 5
9

There are a lot of ways...

  1. Have a look at the default firewall UFW (should already be installed).
  2. wireshark Install wireshark can do this too.
  3. tcpdump ip proto \\icmp can be used to monitor incoming ping (real time).
jokerdino
  • 41,320
Rinzwind
  • 299,756