root@abusif:~ — tcpdump -i eth0 -nn -vvv
$ sudo tcpdump -i eth0 -nn -vvv -s 0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:23:41.231 IP 10.0.4.17.54212 > 185.199.108.153.443: Flags [S], seq 3842773441, win 64240
10:23:41.342 IP 185.199.108.153.443 > 10.0.4.17.54212: Flags [S.], seq 2845017228, ack 3842773442, win 65535
10:23:41.354 IP 10.0.4.17.54212 > 185.199.108.153.443: Flags [.], ack 1, win 502, length 0
10:23:41.360 IP 10.0.4.17.54212 > 185.199.108.153.443: Flags [P.], seq 1:518, ack 1, length 517
10:23:42.004 IP 203.0.113.77.4422 > 10.0.4.17.22: Flags [S]   <-- annotation, not tcpdump output: port-scan pattern detected
10:23:42.008 ABUSIF-IDS >> BLOCK 203.0.113.77 — ssh brute-force signature matched (ET SCAN)
10:23:42.145 IP 10.0.4.22.51118 > 1.1.1.1.53: 42315+ A? abusif.net. (28)
10:23:42.162 IP 1.1.1.1.53 > 10.0.4.22.51118: 42315 1/0/0 A 185.199.108.153 (44)
10:23:42.201 WG wg0: peer abusif-fr handshake complete, rekey in 120s
$