Snort mailing list archives
Re: general questions
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 29 Mar 2013 16:29:14 -0500
On 3/29/2013 13:56, Mohammad MontazerI wrote:
i want use the data to find out the network traffic shape. such as: who goes where! users most visiting websites and ... for this purpose how i should out put the data?
snort is not the proper tool for this task... snort is supposed to be used to detect bad traffic... bad traffic as in malware, virus, penetration probing, successful penetration, etc... if you want to track your users, then you should be using a transparent proxy setup which forces all web access thru the proxy and then looking at the proxy logs... you'll want to check for HTML traffic on non-standard ports as well as attempting to handle httpS connections... that might possibly require a MitM configuration but your corporate policy should define this... outside of that, how are you going to determine if it is a user making the connection or some software that just happens to be on their system? (ie: some toolbar forced on them they don't know about) ------------------------------------------------------------------------------ Own the Future-Intel(R) Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: general questions, (continued)
- Re: general questions Heine Lysemose (Mar 29)
- Message not available
- Re: general questions Mohammad MontazerI (Mar 29)
- Re: general questions Jeremy Hoel (Mar 29)
- Re: general questions Mohammad MontazerI (Mar 29)
- Re: general questions Jeremy Hoel (Mar 29)
- Re: general questions Mohammad MontazerI (Mar 29)
- Re: general questions Jeremy Hoel (Mar 29)
- Re: general questions waldo kitty (Mar 29)
- Re: general questions Mohammad MontazerI (Mar 29)
- Re: general questions Jeremy Hoel (Mar 30)
- Re: general questions waldo kitty (Mar 29)
- Re: general questions waldo kitty (Mar 29)
- Re: general questions waldo kitty (Mar 29)
- Re: general questions waldo kitty (Mar 29)