Re: Linux or Unix distribution for network sniffing

[Charlie Clark <charlie () funkymunkey co uk>]

Hi Hristiyan,
 
Personally, I'd use an OpenBSD box as a bridge, put it in front of the firewall
and record all packets that go through the internet connection for later
analysis using something like tcpdump. This way if anyone is being smart and
using other protocols other than http to leak sensitive information you will
have the proof. The only problem is writing something to make sense of the raw
packets in an autimated fashion, I'm sure there must be something out there but
I do not know what.
 
Regards,
 
Charlie

On 22 June 2010 at 09:12 Hristiyan Lazarov <hristiyan.lazarov () gmail com> wrote:

> Hello, I'm new to this mail list so lets first introduce myself - my
> name is Hristiyan Lazarov and I'm currently working as an Enterprise
> Security Specialist for a UK based company.
>
> I'm looking to implement in our organisation *NIX based network
> sniffer. Basically, I want to trace and record every single packet
> that is coming to, or going out from my network.
>
> We are working with sensitive information, that's why my employer want
> me to record the traffic at least 1 month back. We have a proxy which
> is dealing with our HTTP traffic but some
> people are playing smart trying to use some anonymizers to access
> restricted websites.
>
> Any suggestions would be greatly appreciated.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------