Penetration Testing mailing list archives
Re: Packet Payload
From: "Mike Klingler" <whitehatguru () gmail com>
Date: Wed, 30 Aug 2006 08:30:00 -0500
I agree that capturing packet data can be truly useful in determining what is occurring on a network. However, most of the data from a full-time packet data capture would be useless. I would suggest that you implement a system which would allow you to easily specify which packets you want to capture the data from and allow access to observe the content. That would forgo the SAN requirement and still allow you to get access to the data that you need.

The one disadvantage to not having a constantly running packet data capture would be the inability to review the packet content of packets that you weren't expecting. That is probably where the juiciest data is. That being said, a system could be put together whereby only packet data not on a whitelist is captured. That would allow you to systematically eliminate known chatty services or servers that produce a ton of useless data (IPsec, DNS, NTP, for example), which would limit the amount of data while still preserving the unexpected data content.

--
Michael Klingler, CISSP SecurityMetrics Penetration Tester
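The whitelist-exclusion capture described in the message above, as an added example that is not part of the original post: it turns a list of known chatty services into a pcap-filter expression and shows which constructed sample packets would still be captured. The `Rule` and `Packet` types, the addresses, and the choice to scope DNS to a single resolver are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str               # "tcp", "udp", or an IP protocol number such as "50"
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

@dataclass(frozen=True)
class Rule:
    """One whitelisted (known, chatty) traffic class left out of the capture."""
    proto: str
    port: Optional[int] = None   # None: any port, or a protocol without ports
    host: Optional[str] = None   # None: any host

    def bpf(self) -> str:
        if self.proto in ("tcp", "udp"):
            term = f"{self.proto} port {self.port}" if self.port is not None else self.proto
        else:
            term = f"ip proto {self.proto}"   # IPv4 only in this sketch
        return f"({term} and host {self.host})" if self.host else term

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.port is not None and self.port not in (p.sport, p.dport):
            return False
        return self.host is None or self.host in (p.src, p.dst)

def capture_filter(rules) -> str:
    """pcap-filter expression that captures everything NOT on the whitelist."""
    return "not (" + " or ".join(r.bpf() for r in rules) + ")" if rules else ""

def captured(packets, rules):
    """Packets that survive the whitelist, i.e. the unexpected traffic."""
    return [p for p in packets if not any(r.matches(p) for r in rules)]

# Constructed whitelist: DNS to the known resolver only, NTP, ESP (50), AH (51).
WHITELIST = [Rule("udp", 53, "192.0.2.53"), Rule("udp", 123), Rule("50"), Rule("51")]
# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("udp", "10.0.0.5", 40000, "192.0.2.53", 53),      # DNS to known resolver
    Packet("udp", "10.0.0.5", 40001, "198.51.100.9", 53),    # DNS to unexpected host
    Packet("udp", "10.0.0.5", 123, "192.0.2.1", 123),        # NTP
    Packet("50", "10.0.0.1", None, "203.0.113.7", None),     # IPsec ESP
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.80", 6667),  # not whitelisted
]

if __name__ == "__main__":
    print(capture_filter(WHITELIST))
    for pkt in captured(SAMPLE, WHITELIST):
        print(pkt)
```

Scoping a whitelist entry to a host keeps the same protocol visible when it goes somewhere unexpected, which is the traffic the message says is worth preserving.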