Security Basics mailing list archives

Re: Slickest way to capture all packets inbound and outbound for a specific IP address, or range?


From: Christos Gioran <himicos () freemail gr>
Date: 06 Sep 2003 01:25:47 +0300

Will agree with the other guys here.....

Ethereal is what I have used for this kind of work and it has left me with
the best of impressions. Fast, easy and configurable... did I mention
free?? Like an improved tcpdump (all-time classic and favorite) with a
GUI.

Good luck

himicos


On Fri, 2003-09-05 at 18:51, Mark G. Spencer wrote:
I'm curious what the best way would be to capture all packets inbound or
outbound for a specific IP address or range of IP addresses?  The
scenario would be this ..

I suspect an IP address of being involved in an intrusion into an
application on my network.  The relevant system has been patched, but I
would still like to capture the full packets for any inbound and outbound
activity for that IP address on a machine outside of my firewall.

Would Snort be a good way to do this, or is there a quicker/slimmer
solution?

Thanks!

Mark
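
An added example, not part of either message: one way to do the capture asked about above with tcpdump, which the reply mentions. The function names, interface, file name and addresses are assumptions (the addresses are documentation ranges), and ranges must be written with their host bits zero, as libpcap requires.

```shell
#!/bin/sh
# Constructed example: capture full packets to or from given IPv4 hosts/ranges.

# is_ipv4_or_cidr ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /0../32 prefix. Runs in a subshell, so the IFS change stays local.
is_ipv4_or_cidr() (
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*) exit 1 ;; esac
             [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || exit 1 ;;
    esac
    case $addr in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# build_filter ADDR...: print a BPF expression matching traffic in either
# direction; reject anything that is not an address, so no stray filter
# syntax reaches tcpdump.
build_filter() (
    [ "$#" -gt 0 ] || { echo "usage: build_filter ADDR..." >&2; exit 2; }
    filter=
    for a in "$@"; do
        is_ipv4_or_cidr "$a" || { echo "invalid address: $a" >&2; exit 1; }
        case $a in
            */32) term="host ${a%/*}" ;;
            */*)  term="net $a" ;;
            *)    term="host $a" ;;
        esac
        filter=${filter:+$filter or }$term
    done
    printf '%s\n' "$filter"
)

# capture_hosts IFACE OUTFILE ADDR...: -n skips DNS lookups (which would add
# traffic of their own), -s 0 keeps whole packets, -w writes a pcap file.
capture_hosts() {
    iface=$1 out=$2; shift 2
    filter=$(build_filter "$@") || return 1
    tcpdump -n -i "$iface" -s 0 -w "$out" "$filter"
}

# Example: sh capture.sh eth0 suspect.pcap 192.0.2.10 198.51.100.0/24
if [ "$#" -ge 3 ]; then capture_hosts "$@"; fi
```

The pcap file written by `-w` can then be opened in Ethereal for analysis.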
 


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------





