Security Basics mailing list archives

RE: network audit


From: YashPal Singh <ysingh () quark co in>
Date: Wed, 12 Mar 2003 15:43:19 +0530

Have a look at NetDetector from Niksun. It's a Network IDS and records all
packets. Moreover, it alerts the user when a threshold value is reached. It can
also recreate TCP sessions.

Thanks,
Yash



-----Original Message-----
From: Marendra Nutriaji [mailto:rendi () itpro co id]
Sent: Tuesday, March 11, 2003 7:41 AM
To: avi koren; security-basics () securityfocus com
Subject: RE: network audit


Hi there

There is a basic but powerful tool for your purpose: tcpdump on Linux or
WinDump in a Windows environment.
It can capture all or customized traffic that you want to grab, and the
output can be redirected to text files. Unfortunately, the
output is not CSV (Comma Separated Values), so it's gonna be a little bit
tricky to put it into a database. Well, it's a good tool though... :)) More
details: http://windump.polito.it/default.htm

There is a more advanced tool that can be used for network intrusion
detection as well, called Snort (maybe you've heard of it). It's free at
http://www.snort.org
It captures the traffic in log files in CSV format, so later if you
wanna use it, just open it in Microsoft Excel or other spreadsheet programs,
and it will adjust the view neatly.

Cheers

Marendra
 


-----Original Message-----
From: avi koren [mailto:avikoren () fastmail fm]
Sent: Sunday, March 09, 2003 11:46 PM
To: security-basics () securityfocus com
Subject: network audit


Hello,

I'd like to record network traffic for later analysis. I want to record
all the packets, including their data.
I prefer logging it to a database, though files are welcome too (that's
assuming I can later insert 'em into a database).
Can anyone recommend a good product? (Commercial and non-commercial are
both welcome.)

thank you.
-- 
  avi koren
  avikoren () fastmail fm

-- 
http://www.fastmail.fm - Faster than the air-speed velocity of an
                          unladen european swallow
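
The database-loading problem raised in this thread (tcpdump's text output is not CSV) can be avoided by reading the binary capture file that `tcpdump -w` writes. The sketch below is an added example, not part of any message in the thread: it parses the classic libpcap file format and stores each full frame in SQLite. The function names, the `packets` table layout and the sample frames (192.0.2.x documentation addresses) are constructed for illustration.

```python
import io, socket, sqlite3, struct

def read_pcap(stream):
    """Yield (timestamp, orig_len, frame) from a classic libpcap capture file."""
    hdr = stream.read(24)
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if len(hdr) < 24 or order is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(order + "I", hdr[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return
        sec, usec, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return  # capture was cut off mid-record
        yield sec + usec / 1e6, orig_len, frame

def ipv4_fields(frame):
    """Return (src, dst, protocol) for IPv4 over Ethernet, else three Nones."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None, None, None
    ip = frame[14:34]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9]

def load(stream, db):
    """Insert every record, full frame bytes included; returns the row count."""
    db.execute("CREATE TABLE IF NOT EXISTS packets (ts REAL, orig_len INTEGER,"
               " src TEXT, dst TEXT, proto INTEGER, frame BLOB)")
    rows = [(ts, n, *ipv4_fields(f), f) for ts, n, f in read_pcap(stream)]
    db.executemany("INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?)", rows)
    db.commit()
    return len(rows)

def sample_pcap():
    """Constructed capture: one IPv4 frame with placeholder payload, one ARP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 25, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    frames = [b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + b"hello",
              b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + bytes(28)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1047464000 + i, 250000, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(load(io.BytesIO(sample_pcap()), sqlite3.connect(":memory:")), "packets loaded")
```

Non-IPv4 frames are still stored whole, with NULL address columns, so nothing captured is dropped from the record.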

