Tip 1 See source and destination addresses on port 80
————————————————————————
If you want to monitor on a router source ips or addresses from lan and destination addresses, to see sites visited by your LAN users you can use tcpdump:
# tcpdump -i int_if -q port 80
Tip 2 See if you have virused computers in your LAN
———————————————————————
Windows viruses usualy make traffic on 139 and 445, so a tcpdump on router on that port will find such kind of traffic.
# tcpdump -tlni fxp0 port 139 and 445
Tip 3 Block PING from outside with IPFW
——————————————————
If you want to be invisible to PINGS from Internet, you could block ICMP packets. But some other services might be blocked to, so this is not good. Also you will not be able to ping hosts from the server. So to solve this the best way is to only ping ICMP Echo Requests. This can be done with the following ipfw rule:
# ipfw add deny icmp from any to me icmptypes 8
Tip 3. View ICMP traffic
—————————-
tcpdump -s 1600 -nvvvpX icmp