[unisog] Remote sniffers- what do you use?

John H. Sawyer jsawyer at ufl.edu
Wed Mar 8 22:34:36 GMT 2006

Hi Sunia,

If you are interested in going the cheaper, open source route, it can be
as easy as deploying a number of Linux/BSD boxes with tcpdump on them.
You could also use Snort for a little more power. Additionally, if you
want a web interface with traffic analysis, check out ntop.

Also, if you have a Cisco infrastructure, take a look at RSPAN that lets
you configure SPAN ports across multiple switches so you can deploy fewer
sniffing hosts.

John H. Sawyer - GCFA GCIH GCFW
    UF IT Security Engineer
352.392.2061 -  infosec.ufl.edu

sunia wrote:
> Just wanted to say that this is a really helpful and friendly group.  
> Thanks for all the good ideas!
> Right now, I'm trying to evaluate various sniffer tools.  I've taken a 
> look at NetScout's nGenius and Network General's Sniffer/Infinistream.  
> Both seem extremely top-heavy business oriented suites which require 
> lots of care and feeding.  What I'd really like is just a super simple 
> way of seeing packets on every local network.  My current thought is to 
> just use some sort of open source sniffer on a bunch of small hosts that 
> sit off span ports at each major distribution point.  I'd script the 
> spanning so it would be easy to get onto the right network.
> Anyone have any recommendations for an open source sniffer (ideally cli 
> and web interface, no weird platform or java dependencies)?  Catering 
> to individuals' prejudices against/for user interfaces turns out to be 
> a lot more difficult than the backend stuff.
> What are you using?
> Thanks!
> Sunia
> ----------------------------------------------
> Sunia Yang
> Network Engineer
> Stanford University
> sunia.yang at stanford.edu
> (650)723-3543
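The tcpdump-on-a-small-host setup described in the reply above, as an added example that is not part of the original thread: a wrapper for a Linux/BSD sniffing host sitting off a SPAN/RSPAN port, writing into a fixed ring of capture files. The interface names, paths, the `nobody` account and the sizes are assumptions; adjust them for your own distribution points.

```shell
#!/bin/sh
# Added example (not from the list post). Assumes tcpdump and, on Linux,
# the iproute2 tools; the interface names and paths below are constructed.

# Build the tcpdump command line for one capture host.
#   $1 interface on the SPAN port    $2 output directory
#   $3 file size in MB (default 100) $4 number of files kept (default 20)
#   -n    no DNS lookups (keeps the sniffer quiet on the network it watches)
#   -s 0  full packets, no truncation
#   -C/-W rotate through a fixed ring of files so the disk never fills
#   -Z    drop root after the interface has been opened
build_capture_cmd() {
  iface=$1
  outdir=$2
  size_mb=${3:-100}
  nfiles=${4:-20}
  printf 'tcpdump -i %s -n -s 0 -C %s -W %s -Z nobody -w %s/%s.pcap' \
    "$iface" "$size_mb" "$nfiles" "$outdir" "$iface"
}

# Sanity check before capturing: the SPAN-facing interface should exist
# and carry no IP address, so the sniffer is silent on that segment.
# Uses iproute2; on BSD substitute ifconfig.
check_span_iface() {
  iface=$1
  ip link show "$iface" >/dev/null 2>&1 || {
    echo "no such interface: $iface" >&2
    return 1
  }
  if ip -4 addr show "$iface" | grep -q 'inet '; then
    echo "warning: $iface has an IPv4 address; a SPAN tap should not" >&2
  fi
  return 0
}

# Start the capture. An optional 5th argument is a BPF filter, handy for
# narrowing to one network while the SPAN session is being moved around.
start_capture() {
  iface=$1
  outdir=$2
  mkdir -p "$outdir" && chown nobody "$outdir"   # -Z nobody must be able to write
  check_span_iface "$iface" || return 1
  cmd=$(build_capture_cmd "$iface" "$outdir" "$3" "$4")
  echo "starting: $cmd ${5:-}" >&2
  eval "$cmd ${5:-}"
}

# Usage (as root): ./span-capture.sh eth1 /var/cap 100 20 'not port 22'
if [ "$#" -ge 2 ]; then
  start_capture "$@"
fi
```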
