[unisog] Remote sniffers- what do you use?

Harris, Michael C. HarrisMC at health.missouri.edu
Thu Mar 9 14:14:13 GMT 2006



-----Original Message-----
On Behalf Of sunia
Sent: Wednesday, March 08, 2006 4:09 PM

Anyone have any recommendations for an open source sniffer (ideally cli and web interface, no weird platform or java dependencies)?  Catering to individuals' prejudices against/for user interfaces turns out to be a lot more difficult than the backend stuff.

-----End Original Message-----

If you need some easy-to-follow directions for Snort and ACID, try these:
http://cisit.calumet.purdue.edu/liless/2005_Spring_CIS445_Projects/Snorting_Acid_with_Fedora_Core_4.html

Sam

-----More links about using an IDS as remote sniffer-----------------------------

If all you need is raw packet capture, tcpdump may be the easiest answer, especially if you are willing to manually set up what you want to sniff for:
	http://www.tcpdump.org/
	http://www.sans.org/resources/tcpip.pdf
Also, Windows versions are out there:
	http://www.winpcap.org/windump/

If you need a web front end and summary reporting (as per Sam's link above), see also the newer Snort & ACID (BASE) install docs at
	http://www.ntsug.org/docs/snort_base_centos4.pdf

And:
	http://www.securityfocus.com/infocus/1640
	http://www.securityfocus.com/infocus/1643

Snort deployment guides on the Snort site:
	http://www.snort.org/docs/#deploy
Snort on Windows:
	http://www.sans.org/resources/idfaq/snort.php


The older Navy SHADOW system may be a good middle ground: a lighter-weight solution than a full Snort/BASE install, but more than raw tcpdump.
	http://software.newsforge.com/software/05/04/14/1535223.shtml?tid=78&tid=92&tid=91
From
	http://www.nswc.navy.mil/wwwDL/XD/ISSEC/CID/index.html

--------------------------------------------------------------
Michael C. Harris
System Security Analyst & Instructor
University Of Missouri Health Care
harrismc at health.missouri.edu      KCØPAH
----------------------------------------------------------------- 
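One concrete way to use tcpdump as the "remote sniffer" the thread asks about, added here as an example and not part of any message above: run tcpdump on the sensor host over ssh, stream the capture to stdout, and decode or save it on the analyst's workstation. The sensor name, interface, the workstation address and the sudo setup are assumptions for illustration. The one thing that bites people with this pattern is the feedback loop: the ssh session carrying the capture is itself traffic on the sensor's interface, so every captured packet generates more ssh packets, which get captured in turn. The filter builder below always excludes that session before adding whatever the caller wants to sniff for.

```shell
#!/bin/sh
# Added example (not from the original thread): tcpdump as a remote sniffer.
# Assumptions: ssh access to the sensor, tcpdump installed on both ends, and
# passwordless sudo for tcpdump on the sensor (or run the capture as root).

# build_remote_capture_cmd IFACE LOCAL_ADDR SSH_PORT [EXTRA_FILTER]
# Prints the tcpdump command line that ssh will run on the sensor.
#   -s 0    full snaplen, do not truncate packets
#   -U -w - flush each packet to stdout so the pipe stays live
#   -n      no name lookups on the sensor (they would leak DNS traffic into
#           the capture and slow it down)
# The BPF filter always drops the ssh session between LOCAL_ADDR (this
# workstation) and the sensor, otherwise the capture feeds itself.
build_remote_capture_cmd() {
    iface=$1; local_addr=$2; ssh_port=$3; extra=$4
    filter="not (tcp port $ssh_port and host $local_addr)"
    if [ -n "$extra" ]; then
        filter="$filter and ($extra)"
    fi
    printf "sudo tcpdump -i %s -s 0 -U -n -w - '%s'\n" "$iface" "$filter"
}

# remote_capture HOST IFACE LOCAL_ADDR SSH_PORT OUTFILE [EXTRA_FILTER]
# Runs the capture on HOST, keeps a pcap copy locally in OUTFILE and decodes
# the stream live with the local tcpdump (swap in "wireshark -k -i -" if you
# prefer a GUI).
remote_capture() {
    host=$1; iface=$2; local_addr=$3; ssh_port=$4; outfile=$5; extra=$6
    ssh -p "$ssh_port" "$host" \
        "$(build_remote_capture_cmd "$iface" "$local_addr" "$ssh_port" "$extra")" \
        | tee "$outfile" | tcpdump -r - -n
}

# Only capture when invoked with arguments, e.g.:
#   ./remote_sniff.sh sensor01 eth0 192.0.2.10 22 dns.pcap 'udp port 53'
if [ "$#" -ge 5 ]; then
    remote_capture "$@"
fi
```

The generated command for `build_remote_capture_cmd eth0 192.0.2.10 22 'udp port 53'` is `sudo tcpdump -i eth0 -s 0 -U -n -w - 'not (tcp port 22 and host 192.0.2.10) and (udp port 53)'`; the extra filter is parenthesised so an `or` inside it cannot override the ssh exclusion.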