Way back on May 15, 3:25am, Brian Mitchell wrote:
> This is a good idea. I have also written a similar tool, although mine
> logs all syn packets. It uses the libpcap interface. Should compile under
> linux, freebsd, irix, sunos, solaris, etc. It is available at
> http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not
> included with the distribution).

Well, while we're on the subject.. I've written a perl script to do a
similar task-- mine logs all SYN packets (although you can exclude data
destined for a particular port; I exclude port 80 and 113 as they generate
so much traffic) as well as logging portscans. It requires tcpdump and
a little bit of hacking to get it to work on your particular subnet, but it
doesn't chew a lot of CPU time -- unless, of course, someone is doing a
portscan :-)

You can find it at

http://www.nbs.nau.edu/~jwa/Security/synsniff.tar.gz

Comments/suggestions about how to improve it are welcome.

James

--
James W. Abendschan                          Email: jwa@nbs.nau.edu
UNIX Systems Programmer/Administrator        Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516
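The approach described in the message above (log initial SYNs from tcpdump output, skip noisy ports, flag portscans), sketched as an added example; this is not code from synsniff or clog. The `tcpdump -n` line layouts, the `analyze` function, the threshold of 5 distinct ports, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches `tcpdump -n` TCP lines in the classic ("...: S 1:1(0) win") and the
# modern ("...: Flags [S], seq") layout; SYN-ACKs ("ack N" / "[S.]") are skipped.
LINE = re.compile(
    r"^(?P<ts>\S+) (?:IP )?(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?:Flags \[S\],|S (?!.*\back \d))"
)

EXCLUDE_PORTS = {80, 113}   # the two ports the message says it excludes
SCAN_THRESHOLD = 5          # assumption: distinct ports per (src, dst) pair


def analyze(lines, exclude=EXCLUDE_PORTS, threshold=SCAN_THRESHOLD):
    """Return (logged SYNs, {(src, dst): sorted ports} for suspected scans)."""
    logged = []
    ports = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an initial SYN (SYN-ACK, data, non-TCP, junk)
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        # This example's choice: excluded ports still count toward scan
        # detection, so the noise filter only affects the per-SYN log.
        ports[(src, dst)].add(dport)
        if dport not in exclude:
            logged.append((m["ts"], src, dst, dport))
    scans = {k: sorted(v) for k, v in ports.items() if len(v) >= threshold}
    return logged, scans


# Constructed sample input (documentation addresses), not real traffic.
SAMPLE = [
    "03:25:01.100000 192.0.2.7.1040 > 198.51.100.10.80: S 100:100(0) win 512",
    "03:25:01.200000 198.51.100.10.80 > 192.0.2.7.1040: S 900:900(0) ack 101 win 512",
    "03:25:02.000000 IP 192.0.2.7.1041 > 198.51.100.10.25: Flags [S], seq 5, win 512, length 0",
] + [
    f"03:25:10.{p:06d} 203.0.113.9.4000 > 198.51.100.10.{p}: S 1:1(0) win 512"
    for p in (21, 22, 23, 79, 80, 111)
]

if __name__ == "__main__":
    logged, scans = analyze(SAMPLE)
    for rec in logged:
        print("SYN", *rec)
    for (src, dst), hit in scans.items():
        print(f"PORTSCAN {src} -> {dst} ports {hit}")
```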