TCLUG Archive

Re: [TCLUG:10046] Packet Sniffers



I recommend using the Network Flight Recorder (NFR).  It's really massive
and may go beyond what you're looking for, but it's definitely the "Big
Brother" of packet sniffers.  Check it out at:
http://www.nfr.net/

Peter Lukas

On Fri, 12 Nov 1999, Clay Fandre wrote:

> Mike Nielsen wrote:
> > 
> > Howdy all.
> > 
> > I'm looking for a robust packet sniffer I can use to track and catalog various
> > types of traffic to a site.  Ideally I would like to be able to have it
> > recognize port scans and spoofed IPs and record that info somewhere...
> > 
> > I think tcpdump, argus, sniffit etc. can all do it but I haven't found one that
> > is easily customizable..
> > 
> > Admittedly my Perl skills leave much to be desired.
> > 
> > Any ideas?
> > 
> 
> I would recommend tcpdump. It is really powerful once you know how to
> REALLY use it. You can also use tcpdump2ascii for added fun. Check out
> these links:
> http://www.nswc.navy.mil/ISSEC/CID/step.htm
> http://freshmeat.net/appindex/1999/09/09/936895326.html
> 
> Shadow is an IDS (intrusion detection system) that uses tcpdump. It's
> open source so you can check how they do things. The requirements for
> running it are a little steep, though.
> http://www.nswc.navy.mil/ISSEC/CID/
> 
> > --
> > ---------------------------------------------------------------
> > Mike Nielsen            http://www.public.iastate.edu/~mnielsen
> > mnielsen@iastate.edu
> > "Linux, why use a Window when you have a door."
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> 
> -- 
> Clay Fandre
> cfandre@maddog.mn-linux.org
> Twin Cities Linux Users Group
> http://www.mn-linux.org