Snort mailing list archives
RE: WinPcap 3.0 supports remote capture
From: "Esler, Joel Contractor" <EslerJ () RCERT-S ARMY MIL>
Date: Tue, 24 Jun 2003 09:22:40 -0400
Every once in a while, you see a topic that pops up on the 10+ listservers that I am on that deserves a comment. :)

This could be an answer for many remote management theories... One snort box, or what not, with a database, ACID, and snort on it. Several basic loads, with remote capture reporting back to this snort box. It would require little to no user interaction. Just a nic card.

This has WAY too many possibilities.

J

-----Original Message-----
From: Richard Bejtlich [mailto:richard_bejtlich () yahoo com]
Sent: Monday, June 23, 2003 11:30 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] WinPcap 3.0 supports remote capture

Yesterday I mentioned SVtun (http://www.cs.tau.ac.il/~nnavi/vtun/) for capturing packets on one Linux device and analyzing them on a separate Linux device, in response to a question on doing the same with Windows and Linux. It appears that WinPcap 3.0, released 10 Apr 03 and updated to 3.01 alpha on 13 Jun, supports this experimentally.
From the documentation
(http://winpcap.polito.it/docs/man/html/group__remote__help.html):

"This is an highly experimental feature that allows [you to] interact [with] a remote machine and capture packets that are being transmitted on the remote network. This requires a remote daemon (called rpcapd) which performs the capture and sends data back and a local client that sends the appropriate commands and receives the captured data."

What is even cooler -- "The [Remote] daemon [rpcapd] can be compiled and it is actually working on Linux as well."

Sincerely,

Richard Bejtlich
richard at taosecurity dot com
http://taosecurity.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WinPcap 3.0 supports remote capture Richard Bejtlich (Jun 24)
- <Possible follow-ups>
- RE: WinPcap 3.0 supports remote capture Esler, Joel Contractor (Jun 24)
- Re: WinPcap 3.0 supports remote capture sunzi (Jun 24)