[unisog] Remote sniffers- what do you use?

sunia sunia at networking.stanford.edu
Wed Mar 8 23:10:04 GMT 2006


John,

Very cool information!!  Thank you!

Sunia



On Mar 8, 2006, at 2:34 PM, John H. Sawyer wrote:

> Hi Sunia,
>
> If you are interested in going the cheaper, open source route, it can be
> as easy as deploying a number of Linux/BSD boxes with tcpdump on them.
> You could also use Snort for a little more power. Additionally, if you
> want a web interface with traffic analysis, check out ntop.
> http://www.ntop.org/overview.html
>
> Also, if you have a Cisco infrastructure, take a look at RSPAN that lets
> you configure SPAN ports across multiple switches so you can deploy fewer
> sniffing hosts.
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swspan.htm
>
> -jhs
> -- 
> -------------------------------
> John H. Sawyer - GCFA GCIH GCFW
>     UF IT Security Engineer
> 352.392.2061 -  infosec.ufl.edu
> -------------------------------
>
> sunia wrote:
>> Just wanted to say that this is a really helpful and friendly group.
>> Thanks for all the good ideas!
>>
>> Right now, I'm trying to evaluate various sniffer tools.  I've taken a
>> look at NetScout's nGenius and Network General's Sniffer/Infinistream.
>> Both seem extremely top-heavy business oriented suites which require
>> lots of care and feeding.  What I'd really like is just a super simple
>> way of seeing packets on every local network.  My current thought is to
>> just use some sort of opensource sniffer on a bunch of small hosts that
>> sit off span ports at each major distribution point.  I'd script the
>> spanning so it would be easy to get onto the right network.
>>
>> Anyone have any recommendations for an open source sniffer (ideally cli
>> and web interface, no weird platform or java dependencies)?  Catering
>> to individuals' prejudices against/for user interfaces turns out to be
>> a lot more difficult than the backend stuff.
>>
>> What are you using?
>>
>> Thanks!
>>
>> Sunia
>>
>>
>>
>> ----------------------------------------------
>> Sunia Yang
>> Network Engineer
>> Stanford University
>> sunia.yang at stanford.edu
>> (650)723-3543
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


