Snort mailing list archives

RE: [Off topic] Traffic analysis


From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Fri, 5 Dec 2003 15:51:27 -0800 (PST)

Erwin,

The following might provide the session data you need:

1.  Argus (http://www.qosient.com/argus).  Wait if at
all possible until next week when the long-awaited
2.0.6 version is released to the public.  See the
mailing list
(http://news.gmane.org/gmane.network.argus) for
details.

2.  SANCP (http://sourceforge.net/projects/sancp). 
This is a newer project but looks promising.

3.  NetFlow data (http://www.cisco.com/go/netflow). 
Use the open source fprobe
(http://sourceforge.net/projects/fprobe) probe to
generate NetFlow records and the flow-tools
(http://www.splintered.net/sw/flow-tools/) package to
receive, store, and review them.

I hope to have an article introducing 1 and 3 in the
March issue of Sys Admin magazine, and my book due in
mid-2004 will cover all three in detail.

Sincerely,

Richard Bejtlich
http://taosecurity.com
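For item 3 above, the NetFlow records that fprobe exports and flow-tools collects are fixed-layout UDP datagrams; the decoder below, added here as an illustration and not part of Richard's message or of either project, shows what a NetFlow v5 session record carries (5-tuple, packet and byte counts, TCP flags, uptime-relative timestamps). The datagram it parses is constructed inline; the field layout follows Cisco's published v5 format.

```python
import ipaddress
import struct

# NetFlow v5 wire format: 24-byte header followed by up to 30 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")             # version, count, sys_uptime, unix_secs,
                                                 # unix_nsecs, flow_sequence, engine_type,
                                                 # engine_id, sampling_interval
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # srcaddr, dstaddr, nexthop, input, output,
                                                 # dPkts, dOctets, first, last, srcport, dstport,
                                                 # pad1, tcp_flags, prot, tos, src_as, dst_as,
                                                 # src_mask, dst_mask, pad2

def parse_netflow_v5(datagram: bytes) -> list:
    """Return one dict per flow record; raise ValueError on a malformed datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, uptime, secs, nsecs, seq, _etype, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport, _p1, flags, proto = r[:14]
        flows.append({
            "src": f"{ipaddress.IPv4Address(src)}:{sport}",
            "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
            "proto": proto, "tcp_flags": flags, "packets": pkts, "bytes": octets,
            # first/last are exporter uptime in ms; anchor them to the exporter's wall clock
            "start_epoch": secs + nsecs / 1e9 - (uptime - first) / 1000.0,
            "duration_ms": last - first,
            "sequence": seq,   # gaps here reveal dropped export datagrams
        })
    return flows

def build_sample_datagram() -> bytes:
    """Constructed datagram: one HTTP request flow and its reply, not real capture data."""
    def ip(s):
        return int(ipaddress.IPv4Address(s))
    rec1 = RECORD.pack(ip("192.0.2.10"), ip("198.51.100.5"), 0, 1, 2, 12, 1440, 1000, 1500,
                       40123, 80, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    rec2 = RECORD.pack(ip("198.51.100.5"), ip("192.0.2.10"), 0, 2, 1, 10, 9000, 1000, 1510,
                       80, 40123, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    header = HEADER.pack(5, 2, 2000, 1070668287, 0, 0, 0, 0, 0)
    return header + rec1 + rec2

if __name__ == "__main__":
    for flow in parse_netflow_v5(build_sample_datagram()):
        print(flow)
```

Note that both directions of one TCP session arrive as separate unidirectional records; pairing them back into a bidirectional session is what Argus and SANCP do for you.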


