Re: sniffer black box
From: Nosnos (nosnos94_at__NO_wanadoo_SPAM_.fr)
Date: 10/30/03
- Next message: Skybuck Flying: "Re: without selecting the right interface communication won't work ?"
- Previous message: John Morten Malerbakken: "Re: MSN Messeger - Voice thru Netgear 602 DSL modem"
- In reply to: Maxime Ducharme: "Re: sniffer black box"
- Next in thread: Maxime Ducharme: "Re: sniffer black box"
- Reply: Maxime Ducharme: "Re: sniffer black box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Oct 2003 09:46:30 +0100
> Hi
Hi, thanks for your answer
>
> I did the same thing with Snort NIDS : http://www.snort.org/
Yes the famous Snort
But was your box an IDS, or a sniffer like what I must do?
>
> Snort can be configured to generate alerts based on packets it sees,
> and it is highly configurable.
Yes, but the big question is: can we use Snort only to log the traffic,
with the following information:
the source IP (or more), the destination (IP or more), the protocol,
possibly more info like date, filename if FTP, etc. etc. (more info would be
appreciated)?
I know that Snort is a good IDS, and it contains a sniffer mode, but the
other question is: what is better, using Snort's sniffer mode (the log
seems to be hard to parse) or using Snort in IDS mode and setting the rules for
full sniffer use (I don't know if it is possible) and letting the many tools
available for reading the logs/database produced by the IDS analyse the traffic
.....
To be precise, for the moment I do not want IDS functions... just to analyse
the use of the LAN by everybody
>
> It can send alerts via email, SMB messages (windows), etc
> and log everything in a log file, in a database, ...
Yes, I saw it, it is very powerful
>
> You may also tell Snort to log the content of these suspicious
> packets, so you may do more precise analysis of "what was
> going on yesterday night when the bandwidth peaked".
>
> I usually run Snort on linux, you may see on this link which OS
> Snort can run on :
> http://www.snort.org/about.html
I think that I will run it on Gentoo, but will a Linux box be powerful
enough with eth0?
>
> For real-time network analysis, I also recommend ntop from
> http://www.ntop.org/ , with this tool you can quickly determine
> which protocols are used on the network.
>
> ex (Ntop has a web based interface) http://www.ntop.org/ntop2.jpg
>
> but it cannot detect suspicious activity like Snort could do.
OK, thanks, I will test it
>
> Hope it helps
Sure, it helps me, thanks a lot
>
> Ciao
++
See you soon ;)
>
> ---------------------------------------------------------------
> Maxime Ducharme
> Network administrator, Programmer