Re: sniffer black box
From: Maxime Ducharme (maxime_at_pandore-designSPAMISBAD.com)
Date: 10/28/03
- Next message: Juan I. Cahis: "Which windows folders should I check daily for viruses and trojans?"
- Previous message: Nomen Nescio: "Re: Shredding already deleted files"
- In reply to: Nosnos: "sniffer black box"
- Next in thread: Nosnos: "Re: sniffer black box"
- Reply: Nosnos: "Re: sniffer black box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Oct 2003 16:53:05 -0500
Hi
I did the same thing with Snort NIDS : http://www.snort.org/
Snort can be configured to generate alerts based on packets it sees,
and it is highly configurable.
It can send alerts via email, SMB messages (windows), etc
and log everything in a log file, in a database, ...
You may also tell Snort to log the content of these suspicious
packets, so you may do more precise analysis of "what was
going on yesterday night when the bandwidth peaked".
I usually run Snort on linux, you may see on this link which OS
Snort can run on :
http://www.snort.org/about.html
For real-time network analysis, I also recommend ntop from
http://www.ntop.org/ ; with this tool you can quickly determine
which protocols are used on the network.
ex (Ntop has a web based interface) http://www.ntop.org/ntop2.jpg
but it cannot detect suspicious activity like Snort could do.
Hope it helps
Ciao
---------------------------------------------------------------
Maxime Ducharme
Network administrator, Programmer
----- Original Message -----
From: "Nosnos" <nosnos94@_NO_SPAM_wanadoo.fr>
Newsgroups: alt.computer.security,alt.os.security,comp.os.linux.security,comp.security.firewalls
Sent: Tuesday, October 28, 2003 3:48 PM
Subject: sniffer black box
> hi,
>
> I must make a black box that will sniff and log all the traffic that is
> incoming and outgoing from the net.
>
> Its main function will be to supervise all the users of the LAN, and warn
> root if someone is using the company's network for inappropriate use ....
>
> It must particularly filter http (the url and the date of the connection),
> ftp, irc, pop, smtp ......
>
> I must put all information in a database.
>
> Do you know a good sniffer (maybe another method ?) that can check the net
> in order to give me some precise information about the traffic ?
>
> Which OS must I install for better performance ?
>
> thx
>
>
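Added example, not from Maxime's post or the Snort project: a minimal Snort 2.x configuration fragment that does what the reply describes (log the protocols the question lists, with payload, to a database, and raise alerts for root). The LAN range, database name, user, password and the "disallowed.example" host are assumptions to replace.

```conf
# Added example (not from the original post or the Snort project):
# Snort 2.x configuration that logs http/ftp/irc/pop/smtp sessions
# with their payload to a MySQL database and alerts on selected events.
# Assumed values: HOME_NET range, database credentials, disallowed host.

var HOME_NET 192.168.1.0/24        # assumed LAN to supervise
var EXTERNAL_NET !$HOME_NET
var HTTP_PORTS 80

# Reassemble TCP streams so the "flow" keyword in the rules works
preprocessor stream4: detect_scans
preprocessor stream4_reassemble: clientonly

# Output: matching packets (with payload) go to the database, which answers
# "what was going on yesterday night"; alerts also go to syslog for root.
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT

# "log" rules record the packet without alerting. The HTTP rule keeps the
# request line, so the URL and the packet timestamp end up in the database.
log tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"HTTP request"; flow:to_server,established; content:"GET "; depth:4; sid:1000001; rev:1;)
log tcp $HOME_NET any -> $EXTERNAL_NET 21   (msg:"FTP command";  flow:to_server,established; sid:1000002; rev:1;)
log tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"IRC traffic";  flow:to_server,established; sid:1000003; rev:1;)
log tcp $HOME_NET any -> $EXTERNAL_NET 110  (msg:"POP3 session"; flow:to_server,established; sid:1000004; rev:1;)
log tcp $HOME_NET any -> $EXTERNAL_NET 25   (msg:"SMTP session"; flow:to_server,established; sid:1000005; rev:1;)

# "alert" rules are the "warn root" part: a request to a host the policy
# forbids (placeholder name), and plaintext credentials leaving the LAN.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Policy: disallowed web host"; flow:to_server,established; content:"Host: disallowed.example"; nocase; sid:1000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"FTP plaintext login"; flow:to_server,established; content:"PASS "; nocase; sid:1000007; rev:1;)

# Caveat: FTP, POP3 and SMTP payloads contain plaintext passwords, so the
# snort database itself must be access-restricted like any credential store.
```

Run with `snort -c snort.conf -i eth0 -D` on a box whose interface sees all LAN traffic (a hub or a switch span/mirror port), otherwise the sensor only sees its own packets.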