[unisog] HTTP Session Reconstruction and Monitoring

Isaac Perez Moncho suscripcions at tsolucio.com
Mon Nov 13 21:28:53 GMT 2006


Take a look at both:
http://www.snort.org/dl/contrib/data_analysis/snortsnarf/

snort_stat.pl:
http://www.securityfocus.com/infocus/1643
http://www.snort.org/dl/contrib/data_analysis/snort_stat.pl


Harris, Michael C. wrote:
>  
> along these same lines,  we are seeking an open source Linux based
> application that will take the tcpdump files from snort/acid/shadow and
> do summary management reporting.  Looking for statistics of sites
> visited as well as bandwidth summary per destination (summary of flows)
> and summary of non http and https traffic on ports 80 and 443.  several
> commercial appliances and bandwidth control packages have some
> management reporting but I don't need another appliance in line if I can
> just reprocess the history tcpdump files lagging real time for daily,
> weekly and monthly reporting.
>
> Thanks
> Mike
>
> Ps I realize summary of flows and bandwidth may be problematic just
> collecting header detail (first 68 bytes). How deep beyond the first 68
> bytes is needed to collect the complete destination 99% of the time? And
> is deeper inspection required to identify the non http and https flows
> on those default ports?
>
> -----Original Message-----
> From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Isaac Perez
> Sent: Monday, November 13, 2006 2:18 AM
> To: jgiyanani at niksun.com; UNIversity Security Operations Group
> Cc: unisog at lists.sans.org
> Subject: Re: [unisog] HTTP Session Reconstruction and Monitoring
>
> You can try sguil, a console for snort that reconstructs the traffic
> of the snort cached attacks.
> http://sguil.sourceforge.net/
>
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>
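The reporting Mike describes in the quoted message (bytes per destination from header-only tcpdump files, plus a check for non-HTTP and non-TLS traffic on ports 80 and 443) can be prototyped without any of the tools linked above. The script below is an added example for this thread, not code from the original post, snort, sguil, snortsnarf or snort_stat.pl. It reads a classic libpcap file using only the Python standard library, sums wire bytes per (destination, port) from the record header's original length rather than the captured length, so a 68-byte snaplen still yields correct volume figures, and labels each port 80/443 packet from whatever payload survived the truncation. The pcap it parses is built in memory; all addresses, ports and payloads are constructed for the example.

```python
"""Destination/flow summary from a short-snaplen libpcap file, stdlib only.
Added example for this thread, not code from the original post or from
snort, sguil, snortsnarf or snort_stat.pl; all traffic below is constructed."""
import socket
import struct
from collections import defaultdict

SNAPLEN = 68  # the "first 68 bytes" capture depth from the question
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def payload_bytes_captured(snaplen, ip_hdr_len=20, tcp_hdr_len=20):
    """Application bytes that survive a snaplen on Ethernet (14-byte header)."""
    return max(0, snaplen - 14 - ip_hdr_len - tcp_hdr_len)

def build_tcp_frame(src, dst, sport, dport, payload, flags=0x18):
    """Ethernet+IPv4+TCP frame without options; checksums left zero (never checked here)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames, snaplen=SNAPLEN):
    """Classic libpcap file (DLT_EN10MB), each frame cut to snaplen as 'tcpdump -s 68'
    stores it; orig_len in the record header keeps the true size on the wire."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):  # timestamps: 2006-11-13 00:00:00 UTC onwards
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 1163376000 + i, 0, len(kept), len(frame)) + kept
    return out

def iter_records(data):
    """Yield (caplen, orig_len, frame) per record, honouring the file's byte order."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    pos = 24
    while pos + 16 <= len(data):
        _, _, caplen, orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield caplen, orig_len, data[pos:pos + caplen]
        pos += caplen

def parse_tcp(frame):
    """(src, dst, sport, dport, payload) for an IPv4/TCP frame, else None.
    Honours IHL and the TCP data offset so header options do not shift the payload."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    doff = (frame[tcp + 12] >> 4) * 4
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            sport, dport, frame[tcp + doff:])

def classify(dport, payload):
    """Label the application layer from whatever payload survived the snaplen: an HTTP
    request line opens with a method token, a TLS record with type 0x16, version 0x03."""
    if not payload:
        return "no-payload"
    if dport == 80:
        return "http" if payload.startswith(HTTP_METHODS) else "non-http"
    if dport == 443:
        tls = len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03
        return "tls" if tls else "non-tls"
    return "other"

def summarize(pcap):
    """Per (dst, port): packets, wire bytes (orig_len, not caplen), distinct source
    endpoints, and packets that do not look like HTTP on 80 or TLS on 443."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": set(), "nonconforming": 0})
    for _caplen, orig_len, frame in iter_records(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        entry = stats[(dst, dport)]
        entry["packets"] += 1
        entry["bytes"] += orig_len
        entry["flows"].add((src, sport))
        if classify(dport, payload) in ("non-http", "non-tls"):
            entry["nonconforming"] += 1
    return {key: {**v, "flows": len(v["flows"])} for key, v in stats.items()}

# Constructed traffic: a web fetch and its bare ACK, a TLS ClientHello, SSH on 443
# and a BitTorrent handshake on 80.  Addresses and payloads are made up.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("192.168.1.10", "10.0.0.1", 40001, 80,
                    b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    build_tcp_frame("192.168.1.10", "10.0.0.1", 40001, 80, b"", flags=0x10),
    build_tcp_frame("192.168.1.11", "10.0.0.2", 40002, 443,
                    b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 200),
    build_tcp_frame("192.168.1.12", "10.0.0.3", 40003, 443, b"SSH-2.0-OpenSSH_4.3\r\n"),
    build_tcp_frame("192.168.1.13", "10.0.0.1", 40004, 80,
                    b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\x11" * 20),
])

if __name__ == "__main__":
    for (dst, port), s in sorted(summarize(SAMPLE_PCAP).items()):
        print(f"{dst}:{port} pkts={s['packets']} bytes={s['bytes']} "
              f"flows={s['flows']} nonconforming={s['nonconforming']}")
```

On the capture-depth question in the postscript: with a 68-byte snaplen and plain 20-byte IPv4 and TCP headers, 14 payload bytes survive, which is enough for the HTTP method token or the TLS record header but not for the Host header, so "destination" in a header-only archive means IP and port, not hostname. Packets carrying the 12-byte TCP timestamp option (a 32-byte TCP header) leave only 2 payload bytes, and IP options shrink it further; run payload_bytes_captured against the header sizes your own hosts actually emit before trusting the 80/443 classification, and raise the snaplen if it comes out near zero.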


