IP Address Filtering


I must admit that I build IP address filters more than any other address filter. When I go onsite and do the 'laying on of hands,' I undoubtedly find some rogue traffic that I want to look more closely at. For example, consider the piece of a matrix screen shown in Figure 13 - see anything that looks strange?

Figure 13: What the heck is this doing on the wire?

Here’s that really strange communication that I talked about in Chapter 1. Hey! 127.0.0.1 is the loopback address - you shouldn't ever see traffic to or from 127.0.0.1! Yipes! Seeing this on the matrix immediately prompted me to build a filter on all traffic to or from 127.0.0.1, as shown in Figure 14. All decent analyzers have a simple way to select the address type - on the Sniffer and EtherPeek, you just click on the label "IP."

Figure 14: Include traffic to and from the loopback address to nail this loser.

This was really soooo much fun to catch. Consider building a '127' filter to be prepared in case you ever see this type of traffic.
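Here is the same '127' filter expressed as a small, runnable address filter, added as an example for this page; it is not code from the book. The packet records are constructed, and the `direction` argument is an assumed stand-in for the analyzer's "to", "from" and "to or from" selection.

```python
"""A '127' address filter: flag any packet on the wire that carries a
loopback address. The capture-filter equivalent for tcpdump/Wireshark
style BPF would simply be:  net 127.0.0.0/8
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    size: int


# Constructed sample capture (not real traffic): one host is exchanging
# UDP with 127.0.0.1 across the wire, which should never happen.
SAMPLE_CAPTURE = [
    Packet("10.1.1.5", "10.1.1.1", "TCP", 60),
    Packet("10.1.1.7", "127.0.0.1", "UDP", 92),
    Packet("10.1.1.1", "10.1.1.5", "TCP", 1514),
    Packet("127.0.0.1", "10.1.1.7", "UDP", 92),
    Packet("10.1.1.9", "224.0.0.251", "UDP", 120),
]


def address_filter(network: str, direction: str = "both"):
    """Build an include filter on an IP network. direction is one of
    'to', 'from' or 'both' (the analyzer's 'to or from')."""
    net = ipaddress.ip_network(network, strict=False)

    def matches(pkt: Packet) -> bool:
        src_hit = ipaddress.ip_address(pkt.src) in net
        dst_hit = ipaddress.ip_address(pkt.dst) in net
        if direction == "from":
            return src_hit
        if direction == "to":
            return dst_hit
        return src_hit or dst_hit

    return matches


def loopback_on_wire(packets):
    """Packets whose source or destination is in 127.0.0.0/8."""
    is_loopback = address_filter("127.0.0.0/8")
    return [p for p in packets if is_loopback(p)]


def suspect_hosts(packets):
    """Non-loopback peers seen in loopback traffic; these are the
    stations to go look at first."""
    hosts = {a for p in loopback_on_wire(packets) for a in (p.src, p.dst)
             if not ipaddress.ip_address(a).is_loopback}
    return sorted(hosts)
```

Running `loopback_on_wire(SAMPLE_CAPTURE)` on the constructed capture returns the two UDP packets, and `suspect_hosts` narrows the follow-up to 10.1.1.7.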




Packet Filtering: Catching the Cool Packets
ISBN: 1893939383
Year: 2000
Pages: 65
