Snort mailing list archives

Re: general questions


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 29 Mar 2013 16:29:14 -0500

On 3/29/2013 13:56, Mohammad MontazerI wrote:
> I want to use the data to find out the network traffic shape.
> such as: who goes where! users' most visited websites and ...
> for this purpose how should I output the data?

snort is not the proper tool for this task... snort is supposed to be used to 
detect bad traffic... bad traffic as in malware, virus, penetration probing, 
successful penetration, etc...

if you want to track your users, then you should be using a transparent proxy 
setup which forces all web access thru the proxy and then looking at the proxy 
logs... you'll want to check for HTML traffic on non-standard ports as well as 
attempting to handle httpS connections... that might possibly require a MitM 
configuration but your corporate policy should define this...

outside of that, how are you going to determine if it is a user making the 
connection or some software that just happens to be on their system? (ie: some 
toolbar forced on them they don't know about)
