Re: sniffer black box
From: Maxime Ducharme (maxime_at_pandore-designSPAMISBAD.com)
Date: Tue, 28 Oct 2003 16:53:05 -0500
I did the same thing with Snort NIDS: http://www.snort.org/
Snort can be configured to generate alerts based on the packets it sees,
and it is highly configurable.
It can send alerts via email, SMB messages (Windows), etc.,
and log everything in a log file, in a database, ...
You may also tell Snort to log the content of these suspicious
packets, so you may do more precise analysis of "what was
going on yesterday night when the bandwidth peaked".
I usually run Snort on Linux; you may see on this link which OS
Snort can run on:
For real-time network analysis, I also recommend ntop from
http://www.ntop.org/ ; with this tool you can quickly determine
which protocols are used on the network.
e.g. (ntop has a web-based interface) http://www.ntop.org/ntop2.jpg
but it cannot detect suspicious activity like Snort can.
Hope it helps
Network Administrator, Programmer
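As an added illustration (not part of the original message), here is a minimal Snort 2.x configuration of the kind the reply describes: a network variable, output plugins that send alerts to syslog and log alerts plus the triggering packets to a database, and site rules that alert on or log selected protocols. The network range, host names and credentials are placeholders to be replaced.

```snort
# snort.conf fragment (constructed example; adjust addresses and credentials)
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET

# Send alerts to syslog (mail or other notification can be driven from there)
output alert_syslog: LOG_AUTH LOG_ALERT
# Attach a MySQL database to the log facility: alerts and their packets are stored
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost

# Site-specific rules kept in a separate file
include local.rules

# --- local.rules ---
# Alert (and record the packet) when a LAN host opens an IRC connection
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"LAN host connecting to IRC"; flow:to_server,established; sid:1000001; rev:1;)

# Alert on HTTP requests whose Host header names a site the usage policy forbids
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"HTTP request to disallowed host"; flow:to_server,established; content:"Host|3A| forbidden.example"; nocase; sid:1000002; rev:1;)

# Log (without alerting) every FTP control-channel packet for later review
log tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"FTP control channel"; sid:1000003; rev:1;)
```

Started as `snort -c snort.conf -l /var/log/snort`, Snort also writes the matching packets to the log directory, which is the "what was going on last night" material mentioned above.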
----- Original Message -----
From: "Nosnos" <nosnos94@_NO_SPAM_wanadoo.fr>
Sent: Tuesday, October 28, 2003 3:48 PM
Subject: sniffer black box
> I must make a black box that will sniff and log all the traffic that is
> incoming and outgoing from the net.
> Its main function will be to supervise all the users of the LAN, and warn a
> root if someone is using the company's network for inappropriate use ....
> It must particularly filter HTTP (the URL and the date of the connection),
> FTP, IRC, POP, SMTP ......
> I must put all information in a database.
> Do you know a good sniffer (maybe another method?) that can check the
> in order to give me some precise information about the traffic?
> Which OS must I install for better performance?