This is a very granular filtering usage of tcpdump and it helps my understanding of the simply but powerful tool.
I have been behind in my posts, and I have quite a few items to get posted. Today I wanted to walk through an example of tcpdump can be useful when tracking down malicious traffic on your network. I am going to use the example of IrnBot to demonstrate a handy technique. IrnBot (named after the Scottish drink IrnBru), also popularly known as Rinbot, produces a lot of traffic on port 1433, 2967 and 139. It also opens up a connection to irc servers on the outside over port 8080.
View original post 533 more words