
ngrep before iptables or iptables before ngrep

SJ K
Level 5

Dear all,

One of my colleagues told me that

ngrep is before iptables -> meaning that if I set up my iptables to block some traffic, doing an ngrep will still allow me to see the attempts coming in.

Is it correct?
I tried to simulate the above statement as follows.

On my server console

Code:
iptables --policy INPUT DROP
ngrep -d eth0 port 22    # eth0 is my production interface

On my client console, I open PuTTY, choose SSH, input the server IP, and try to connect.

On my server console, I saw this:

Code:
[root-server ~] ngrep -d eth0 port 22
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (port 22) and (ip or ip6)
###

It seems that every time I attempt to connect, I see a "#" being displayed.

Q1) What is the "#" display?
Q2) In this case, how do I confirm that the incoming SSH request did indeed reach my server (since I can't see any content or source IP information at all)?

Regards,
Noob
