[unisog] Remote sniffers- what do you use?

Gary Flynn flynngn at jmu.edu
Wed Mar 8 22:23:35 GMT 2006


sunia wrote:

> Just wanted to say that this is a really helpful and friendly group.  
> Thanks for all the good ideas!
> 
> Right now, I'm trying to evaluate various sniffer tools.  I've taken a 
> look at NetScout's nGenius and Network General's Sniffer/Infinistream.  
> Both seem extremely top-heavy business oriented suites which require 
> lots of care and feeding.  What I'd really like is just a super simple 
> way of seeing packets on every local network.  My current thought is to 
> just use some sort of opensource sniffer on a bunch of small hosts that 
> sit off span ports at each major distribution point.  I'd script the 
> spanning so it would be easy to get onto the right network.
> 
> Anyone have any recommendations for an open source sniffer (ideally cli 
> and web interface, no weird platform or java dependencies)?  Catering 
> to individuals' prejudices against/for user interfaces turns out to be 
> a lot more difficult than the backend stuff.
> 
> What are you using?


tcpdump, tcpflow, ngrep and, when needed, ethereal

-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security


More information about the unisog mailing list