[unisog] Remote sniffers- what do you use?
michael.holstein at csuohio.edu
Thu Mar 9 14:23:42 GMT 2006
> Anyone have any recommendations for an open source sniffer (ideally cli and
> web interface, no weird platform or java dependencies)? Catering to
> individuals' prejudices against/for user interfaces turns out to be a lot
> more difficult than the backend stuff.
Well, Ethereal will give you the CLI without weird dependencies (the only
thing you'd need is libpcap, and that comes standard with most Linux
As for a web interface, you could run it as a remote X session (assuming
clients are UNIX or running cygwin). You could also set up VNC or some
such and do it that way. You can run multiple instances of Ethereal with
no problem, although on an extremely busy network, you'll start to have
problems related to libpcap unless you have capture cards (e.g. Endace
DAG cards) that support bpf expressions in the hardware.
You can easily load just about every open-source network analysis tool
(snort, argus, tcpdump, ethereal, ntop, etc) onto a 1-U FreeBSD box
(FreeBSD beating Linux in most any networking benchmark -- Linux+pfRing
Those that have used NAI/NG's Sniffer remotes can attest that the web
interface is FAR from "not having weird dependencies", and that if both
web sessions get stuck, you end up rebooting the sniffer appliance.
That, and it's not exactly open-source (or cheap).
Michael Holstein CISSP GCIA
Cleveland State University
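The remote-CLI approach the reply recommends (a libpcap tool on the sensor, driven from the analyst's workstation) in working shell, as an added example that is not part of the original message or of any of the tools it names. It assumes a sensor reachable by key-based ssh with tcpdump installed; the host name sensor.example.edu, interface eth1 and client address used below are placeholders. The one check it adds that the message does not mention: the BPF filter must exclude the ssh session carrying the capture, otherwise every captured packet produces more ssh traffic on the same interface, which is captured in turn.

```shell
#!/bin/sh
# Added example (not from the original post). Remote CLI capture over ssh.
# Assumptions: sensor reachable by key-based ssh, tcpdump present on it;
# "sensor.example.edu", "eth1" and the client address are placeholders.

# Build the BPF expression: always exclude the ssh control connection
# that carries the capture stream back to us (feedback-loop guard),
# then AND in the user's own filter if one was given.
build_filter() {
    # $1 = our address as the sensor sees it, $2 = user filter (may be empty)
    client="$1"
    user_filter="$2"
    base="not (host $client and tcp port 22)"
    if [ -n "$user_filter" ]; then
        printf '%s and (%s)\n' "$base" "$user_filter"
    else
        printf '%s\n' "$base"
    fi
}

# Compose the remote command line. tcpdump writes raw pcap to stdout
# (-w -), flushes per packet (-U) so a live viewer sees frames at once,
# skips DNS lookups on the sensor (-n) and captures full frames (-s 0).
build_remote_cmd() {
    # $1 = sensor host, $2 = interface, $3 = BPF expression
    printf "ssh %s 'tcpdump -n -s 0 -U -i %s -w - \"%s\"'\n" "$1" "$2" "$3"
}

# Typical use, kept as comments so the file is safe to source:
#   CLIENT=$(ssh sensor.example.edu 'echo $SSH_CONNECTION' | cut -d' ' -f1)
#   FILTER=$(build_filter "$CLIENT" "tcp port 80")
#   CMD=$(build_remote_cmd sensor.example.edu eth1 "$FILTER")
#   eval "$CMD" | wireshark -k -i -        # live view on the workstation
#   eval "$CMD" > capture-$(date +%s).pcap  # or just archive it locally
```

Several analysts can each open their own ssh session this way, which is the "multiple instances" case from the reply; each one is a separate libpcap consumer on the sensor, so the busy-network caveat about libpcap load applies per session.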