TCPDUMP ... Logging far too much traffic ?

From: counterping@uk2.net
Date: 10/08/02


To: security-basics@securityfocus.com
From: <counterping@uk2.net>
Date: Tue, 8 Oct 2002 14:32:09 GMT

Newbie to the World of TCPDUMP.

I am running Snort IDS.
I have recently been interested in also logging ALL traffic that comes in/out of
my network via TCPDUMP (IP headers at least).
This is really for the purpose of Forensics etc etc and would be cool to zip up
and store away.

In the future I would also like to install SHADOW at some point to run these
dumps for anomalies.

However, the amount of data is silly !!
200 MB per HOUR !! This is far too much data to log and store away ?

My question being ....
Does anyone log ALL IP headers IN+OUT of their networks?
Should we be doing this? Is it a good idea to take this approach?
Any ideas or suggestions would be appreciated.

Little Confused
Matt Y
P.

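Added example, not part of the original post: the bulk of a full capture is payload, so keeping only the Ethernet, IPv4 and transport headers (what tcpdump's `-s` snaplen does with a fixed cut) retains the forensic record at a fraction of the size. The script below builds a constructed two-packet pcap and rewrites it header-only so the saving can be measured; all addresses, ports, payloads and timestamps are made up.

```python
import struct

def make_ipv4(proto, transport_hdr, payload):
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst, src MAC, EtherType IPv4
    total = 20 + len(transport_hdr) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return eth + ip + transport_hdr + payload

SAMPLE_PACKETS = [  # constructed sample frames, not from the original post
    make_ipv4(6, struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 0x50, 0x18, 8192, 0, 0), b"G" * 100),
    make_ipv4(17, struct.pack("!HHHH", 53, 53, 208, 0), b"D" * 200),
]

def build_pcap(packets):
    """Wrap raw frames in a little-endian, microsecond pcap (DLT_EN10MB)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1034087529 + i, 0, len(pkt), len(pkt)) + pkt
    return out

def header_len(pkt):
    """Bytes needed to keep Ethernet + IPv4 + transport header; payload dropped."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return len(pkt)                                   # non-IPv4: keep as-is
    off = 14 + (pkt[14] & 0x0F) * 4                       # IHL counts 32-bit words
    proto = pkt[23]
    if proto == 6 and len(pkt) >= off + 20:
        off += (pkt[off + 12] >> 4) * 4                   # TCP data offset (options too)
    elif proto in (17, 1):
        off += 8                                          # UDP / ICMP fixed header
    return min(off, len(pkt))

def truncate_pcap(data):
    """Rewrite a pcap keeping only headers; returns (blob, bytes_before, bytes_after)."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    out, pos, before, after = bytearray(data[:24]), 24, 0, 0
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack("<IIII", data[pos:pos + 16])
        pkt = data[pos + 16:pos + 16 + incl]
        keep = header_len(pkt)                            # incl_len shrinks, orig_len kept
        out += struct.pack("<IIII", ts_sec, ts_usec, keep, orig) + pkt[:keep]
        before, after, pos = before + incl, after + keep, pos + 16 + incl
    return bytes(out), before, after

if __name__ == "__main__":
    blob, b, a = truncate_pcap(build_pcap(SAMPLE_PACKETS))
    print(f"{b} -> {a} bytes of packet data ({100 * (1 - a / b):.0f}% saved)")
```

Because orig_len is preserved per record, the reduced file still reports the true on-wire size of every packet when read back with tcpdump or Wireshark.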


