Re: Packet Payload
- From: Security <security@xxxxxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 10:34:03 -0400
Like all the other posters have stated, it's a good resource to have
forensically if you have the disk space. A few years ago I set up a
Shadow IDS (http://www.nswc.navy.mil/ISSEC/CID/) and tcpdump on my
external network to capture traffic. I used some creative filtering and
custom scripts and was able to keep about two months of full traffic
captures in around 40 GB compressed. This was on 2 T-3s (not fully
utilized, of course).
In my filtering, I believe I captured full packets of everything except
HTTP/HTTPS/SMTP traffic. For that, I just captured the SYN and SYN/ACK
packets. This cuts down on what you want to do, but saves a lot of space.
Tyler
xelerated wrote:
I'm posting this to the pen-test group, rather than firewall or IDS,
because it covers many areas.
...
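The capture policy Tyler describes (full packets for everything, handshake only for HTTP/HTTPS/SMTP) can be expressed as a single BPF filter handed to tcpdump. The script below is an added example for this thread, not Tyler's own scripts, and it assumes a libpcap-based tcpdump of 4.0 or later (for the -G/-z rotation options); the interface name, output directory and 60-day retention are placeholders. The compile check writes a 24-byte empty pcap file and runs tcpdump -d against it, so the filter syntax can be verified without an interface or root.

```shell
#!/bin/sh
# Added example (not from the original post). Keeps full packets for all traffic
# except TCP 80/443/25; for those ports only segments with the SYN bit set
# (the SYN and the SYN/ACK) are written, which records who talked to whom and
# when without storing the payload-heavy sessions.
# Assumed environment: libpcap tcpdump >= 4.0; paths and interface are placeholders.

# Ports for which only the handshake is retained (hypothetical list, edit to taste).
TRIM_PORTS="80 443 25"

# Build the BPF expression from a space-separated port list.
# BPF precedence makes "not A or B" read as "(not A) or B": a packet that is not
# on a trimmed port is kept whole; a packet on a trimmed port is kept only when
# tcp[tcpflags] has tcp-syn set. Non-TCP traffic never matches "tcp port", so it
# is kept whole too.
build_filter() {
  ports=""
  for p in $1; do
    if [ -z "$ports" ]; then
      ports="tcp port $p"
    else
      ports="$ports or tcp port $p"
    fi
  done
  printf 'not (%s) or (tcp[tcpflags] & tcp-syn != 0)' "$ports"
}

# Compile-check an expression offline. Returns 0 if tcpdump accepts it (or if
# tcpdump is not installed, since there is nothing to check against), 1 otherwise.
check_filter() {
  command -v tcpdump >/dev/null 2>&1 || return 0
  f=$(mktemp "${TMPDIR:-/tmp}/emptycap.XXXXXX") || return 1
  # 24-byte pcap global header: LE magic, version 2.4, zone 0, sigfigs 0,
  # snaplen 65535, LINKTYPE_ETHERNET. Zero packets follow.
  printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$f"
  if tcpdump -r "$f" -d "$1" >/dev/null 2>&1; then rc=0; else rc=1; fi
  rm -f "$f"
  return $rc
}

# Long-running capture with hourly rotation and per-file compression.
#   -n    no name resolution (the capture box should not be doing DNS lookups)
#   -s 0  full snaplen
#   -G    rotate every 3600 s, strftime pattern in the file name
#   -z    run gzip on each finished file
run_capture() {
  iface="$1"; outdir="$2"
  filter=$(build_filter "$TRIM_PORTS")
  check_filter "$filter" || { echo "filter did not compile: $filter" >&2; return 1; }
  mkdir -p "$outdir"
  tcpdump -i "$iface" -n -s 0 -G 3600 -w "$outdir/cap-%Y%m%d-%H%M%S.pcap" -z gzip "$filter"
}

# Retention: drop compressed captures older than N days (run from cron).
prune_captures() {
  outdir="$1"; days="${2:-60}"
  find "$outdir" -name 'cap-*.pcap.gz' -mtime "+$days" -exec rm -f {} +
}

# Usage: ./capture.sh eth1 /var/captures
if [ "$#" -ge 2 ]; then
  run_capture "$1" "$2"
fi
```

One caveat worth stating alongside the space savings: the three services being trimmed are exactly the ones whose payloads you most often want during an incident (web shells, phishing mail, data leaving over 443), so the handshake-only record tells you that a connection happened and how long it lasted, not what went over it. If disk allows, a middle ground is a reduced snaplen (-s 128 or so) for those ports instead of SYN-only, which keeps request lines and mail headers.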