Re: [Snort-users] Using snort to monitor traffic
This is a discussion on Re: [Snort-users] Using snort to monitor traffic within the Snort forums, part of the System Security and Security Related category; --===============1452129861== Content-Type: multipart/alternative; boundary="----=_Part_194593_14827952.1178007065405" ------=_Part_194593_14827952.1178007065405 Content-Type: text/plain; charset=ISO-8859-1; ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-01-2007
|
|||
|
|||
Re: [Snort-users] Using snort to monitor traffic
--===============1452129861==
Content-Type: multipart/alternative; boundary="----=_Part_194593_14827952.1178007065405" ------=_Part_194593_14827952.1178007065405 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Hey Frank, Go argus, as it is better standalone application that giving you network flow information, sancp is more powerful if you use together with sguil. By the way both works pretty well on freebsd platform. Have fun On 5/1/07, Will Metcalf <william.metcalf@gmail.com> wrote: > > I would suggest that you look at SANCP or Argus > > http://www.metre.net/sancp.html > http://qosient.com/argus/flow.htm > > I also suggest that you pickup one of Richard Bejtlich's books if you > don't think that you need full packet captures. You can always generate > stats and flow data from full pcaps. > > Regards, > > Will > > On 4/30/07, Frank <frank@korcett.com> wrote: > > > > i have snort inline (freebsd, ipfw, postgres logging) set up on my > > router > > to watch HTTP traffic. i would like to log in such a way that i can > > determine the last time any IP sent HTTP. i don't want to log any > > content, > > i just need the timestamps. i would prefer not to have to inspect the > > content or to log every HTTP packet. > > > > does snort seem like the proper tool for this job? i was going to use > > squid, but that seemed like overkill as just a transparent, non-caching > > proxy that logs to a flat file. > > > > thanks, > > frank > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or unsubscribe: > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > -- Best Regards, CS Lee<geekooL[at]gmail.com> ------=_Part_194593_14827952.1178007065405 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hey Frank,<br><br>Go argus, as it is better standalone application that giving you network flow information, sancp is more powerful if you use together with sguil. By the way both works pretty well on freebsd platform.<br> <br>Have fun<br><br><div><span class="gmail_quote">On 5/1/07, <b class="gmail_sendername">Will Metcalf</b> <<a href="mailto:william.metcalf@gmail.com">william.me tcalf@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div>I would suggest that you look at SANCP or Argus</div> <div><br><a href="http://www.metre.net/sancp.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.metre.net/sancp.html</a></div> <div><a href="http://qosient.com/argus/flow.htm" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://qosient.com/argus/flow.htm</a></div> <div> </div> <div>I also suggest that you pickup one of Richard Bejtlich's books if you don't think that you need full packet captures. You can always generate stats and flow data from full pcaps. </div> <div> </div> <div>Regards,</div><span class="sg"> <div> </div> <div>Will<br> </div></span><div><span class="e" id="q_1124509c47192dd6_2"> <div><span class="gmail_quote">On 4/30/07, <b class="gmail_sendername">Frank</b> <<a href="mailto:frank@korcett.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">frank@korce tt.com</a>> wrote: </span> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">i have snort inline (freebsd, ipfw, postgres logging) set up on my router<br>to watch HTTP traffic. i would like to log in such a way that i can <br>determine the last time any IP sent HTTP. i don't want to log any content,<br>i just need the timestamps. i would prefer not to have to inspect the<br>content or to log every HTTP packet.<br><br>does snort seem like the proper tool for this job? i was going to use <br>squid, but that seemed like overkill as just a transparent, non-caching<br>proxy that logs to a flat file.<br><br>thanks,<br>frank<br><br>-------------------------------------------------------------------------<br>This SF.net email is sponsored by DB2 Express<br>Download DB2 Express C - the FREE version of DB2 express and take<br>control of your XML. No limits. Just data. Click to get it now.<br><a href="http://sourceforge.net/powerbar/db2/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> http://sourceforge.net/powerbar/db2/</a><br>____________________________________________ ___<br>Snort-users mailing list<br><a href="mailto:Snort-users@lists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> Snort-users@lists.sourceforge.net</a><br>Go to this URL to change user options or unsubscribe: <br><a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>Snort-users list archive: <br><a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br></blockquote></div><br> </span></div><br>-------------------------------------------------------------------------<br>This SF.net email is sponsored by DB2 Express<br>Download DB2 Express C - the FREE version of DB2 express and take<br>control of your XML. No limits. Just data. Click to get it now. <br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://sourceforge.net/powerbar/db2/" target="_blank">http://sourceforge.net/powerbar/db2/</a><br>____________________________________________ ___<br>Snort-users mailing list <br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Snort-users@lists.sourceforge.net">Snort-users@lists.sourceforge.net</a><br>Go to this URL to change user options or unsubscribe:<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users" target="_blank"> https://lists.sourceforge.net/lists/listinfo/snort-users<br>Snort-users</a> list archive:<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank"> http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br></blockquote></div><br><br clear="all"><br>-- <br>Best Regards,<br><br>CS Lee<geekooL[at]gmail.com> ------=_Part_194593_14827952.1178007065405-- --===============1452129861== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ --===============1452129861== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users --===============1452129861==-- 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 05:42 AM.
