I have access to a Linux server that is acting as the gateway to an internal network.
There is a MagicJack Plus device plugged into this network via CAT5.
The MagicJack gets its IP via DHCP from the Linux server, and I've determined which IP address it was issued.
I've nmapped that IP, but I couldn't discover any open ports on the MagicJack Plus device.
I'm curious about how it communicates, especially which ports it actually uses. I'd like to monitor which ports it uses during a 24 hour period. I'd be very interested in seeing if it tries to communicate with any other computers that it doesn't need to (on the local network).
Ultimately, I want to lock that device down, so that it only has access to what it needs and nothing more.
The Linux server only has a web app GUI and a command line. How can I monitor and log the network activity of the "IP of this device" to discover what ports it actually uses, what it tries to access, and how much bandwidth it uses?
To get all the traffic your device generates do the following:
Given eth1 is the name of your host's network adapter you dedicated for testing (see above), use this command to write a packet log to a file:
tcpdump with Ctrl-C
~/device.pcap with any tool you like, e.g. wireshark

EDIT:
If your device refuses to work without an IP address you might want to set a dhcp server for it. I suggest using dnsmasq for these purposes, like this (run on your testing host):
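
Separately from the dnsmasq setup, and going back to the capture step: the following is an added example, not part of the original answer, showing one way to turn a capture file into the list the question asks for (remote ports, peers, and bytes per flow for one device). The device address, peer addresses, ports and the `summarize` / `local_peers` names are assumptions, and the sample capture is constructed inline.

```python
import ipaddress, socket, struct
from collections import Counter

def summarize(pcap: bytes, device_ip: str) -> dict:
    """Map (proto, peer_ip, peer_port) -> bytes on the wire for one device."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    dev, totals, off = socket.inet_aton(device_ip), Counter(), 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(order + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # only IPv4 is counted here
        src, dst = frame[26:30], frame[30:34]
        if dev not in (src, dst):
            continue                      # traffic between other hosts
        proto = {6: "tcp", 17: "udp"}.get(frame[23], f"ip-proto-{frame[23]}")
        l4 = frame[14 + (frame[14] & 0x0F) * 4:][:4]
        fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        sport, dport = (0, 0)             # port 0 = no ports available
        if proto in ("tcp", "udp") and len(l4) == 4 and not fragment:
            sport, dport = struct.unpack("!HH", l4)
        outbound = src == dev
        peer = socket.inet_ntoa(dst if outbound else src)
        # Key on the peer's port in both directions, so replies join the flow.
        totals[(proto, peer, dport if outbound else sport)] += orig
    return dict(totals)

def local_peers(totals: dict, lan: str) -> set:
    """Peers inside the LAN prefix: candidates for a gateway block rule."""
    net = ipaddress.ip_network(lan)
    return {ip for _, ip, _ in totals if ipaddress.ip_address(ip) in net}

def _frame(src, dst, proto, sport, dport, payload=0):
    l4 = struct.pack("!HH", sport, dport) + bytes((4 if proto == 17 else 16) + payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

# Constructed sample capture (addresses and ports are made up for illustration).
DEVICE = "192.168.1.50"
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in [
        _frame(DEVICE, "203.0.113.10", 17, 40000, 5060, 100),
        _frame("203.0.113.10", DEVICE, 17, 5060, 40000, 50),
        _frame(DEVICE, "192.168.1.20", 6, 51000, 445),
        _frame("192.168.1.20", "192.168.1.1", 6, 52000, 22)])

if __name__ == "__main__":
    for key, nbytes in sorted(summarize(SAMPLE, DEVICE).items()):
        print(*key, nbytes)
```

To run it on a real capture, pass the file's bytes, e.g. `summarize(open(path, "rb").read(), device_ip)`; it reads the classic pcap format only, so a pcapng file needs converting first.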