Security Basics mailing list archives

Re: Linux or Unix distribution for network sniffing


From: Jonathan Leigh <dantevios () gmail com>
Date: Thu, 24 Jun 2010 10:21:29 -0500

Most Cisco switches and Brocade switches won't even allow you to log
"every single packet" going through your network. If your network has
too much data going over the wire, just having 1 machine to log all
packets will not work.

You can't just stick a box anywhere on your network and expect to log
all traffic. You have to put it at a bottleneck that either feeds into
the main switch or is the main switch itself. Any Linux distribution
can log packets with Wireshark. It really doesn't matter which one you
choose.

If your employees are using too much bandwidth and you need to control
them, something like IPCop -
http://sourceforge.net/apps/trac/ipcop/wiki is a Linux distro that can
do this I believe. A good article on what IPCop does can be found
here: https://www.infosecisland.com/blogview/3624-Open-source-All-in-one-Security-Solutions-Part-2.html

"IPCop is another open-source security solution that has been focusing
on SOHO users (Small Office, Home Office), and the  includes
everything you need to do packet filtering, IDS / IPS, Web and DNS
proxy, DHCP Server / Client, Openswan, OpenVPN, and NTP-server."


"but some people are playing smart trying to use some anonymizers to access
restricted websites."

About the only way I can see you defeating employees misusing internet
is to limit their bandwidth. If I were a malicious user and worked at
your company not wanting to follow your policy, I would just VPN out
to my own server or tunnel my traffic over SSH so you couldn't see
what I was doing.

On Wed, Jun 23, 2010 at 11:50 PM, Arnold Bush <arnoldwbush () gmail com> wrote:
Hristiyan
IMHO, whether a software sniffer will work or not depends on
1- the line speeds
2- the amount of packet data you want to capture
3- Whether you want to process them online or offline
Otherwise, OpenBSD or CentOS might be good OSs to use because they are
pretty good as far as security is concerned for a beginner like me.

On Tue, Jun 22, 2010 at 2:12 PM, Hristiyan Lazarov
<hristiyan.lazarov () gmail com> wrote:
Hello, I'm new to this mail list so let's first introduce myself - my
name is Hristiyan Lazarov and I'm currently working as an Enterprise
Security Specialist for a UK based company.

I'm looking to implement a *NIX-based network sniffer in our
organisation. Basically, I want to trace and record every single packet
that is coming to, or going out from my network.

We are working with sensitive information, that's why my employer wants
me to record the traffic at least 1 month back. We have a proxy which
is dealing with our HTTP traffic but some people are playing smart
trying to use some anonymizers to access restricted websites.

Any suggestions would be greatly appreciated.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------





-- 
--
Thank you,
Jon Leigh

==========================================================
Email: Dantevios () gmail com
Website: http://www.dantevios.com
Facebook: http://www.facebook.com/dantevios
Gtalk: Dantevios () gmail com
ICQ: 577683269
AIM: Dantevios
MSN: Dantevios () hotmail com
Yahoo: Dantevios () yahoo com
Skype User: Dantevios
Skype #: 662-524-3653
==========================================================
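
Added example (not part of the original thread): a rough sizing of the one-month capture discussed above, showing how line speed and the amount of each packet kept drive the disk write rate and total storage. The link speed, utilisation and packet size are constructed inputs, `plan_capture` is a hypothetical helper, and the 16 bytes is the classic pcap per-packet record header.

```python
import math
from dataclasses import dataclass

PCAP_RECORD_HEADER = 16   # bytes the classic pcap format stores before each packet
SECONDS_PER_DAY = 86_400


@dataclass
class CapturePlan:
    packets_per_sec: float
    disk_write_mb_per_sec: float
    total_tb: float
    ring_files: int


def plan_capture(link_mbps, avg_utilisation, avg_packet_bytes,
                 snaplen, retention_days, ring_file_gb=1):
    """Estimate what recording a link for retention_days costs on disk.

    snaplen is the per-packet byte limit given to the capture tool: a packet
    longer than snaplen is truncated, so min(size, snaplen) bytes are stored.
    The average packet size stands in for the real mix of sizes (assumption).
    """
    wire_bytes_per_sec = link_mbps * 1_000_000 / 8 * avg_utilisation
    pps = wire_bytes_per_sec / avg_packet_bytes
    stored_per_packet = min(avg_packet_bytes, snaplen) + PCAP_RECORD_HEADER
    disk_bytes_per_sec = pps * stored_per_packet
    total_bytes = disk_bytes_per_sec * SECONDS_PER_DAY * retention_days
    return CapturePlan(
        packets_per_sec=pps,
        disk_write_mb_per_sec=disk_bytes_per_sec / 1e6,
        total_tb=total_bytes / 1e12,
        ring_files=math.ceil(total_bytes / (ring_file_gb * 1e9)),
    )


if __name__ == "__main__":
    # Constructed inputs: 1 Gbit/s uplink, 30% average load, 700-byte packets.
    for label, snaplen in (("full packets", 65535), ("headers only", 96)):
        p = plan_capture(1000, 0.30, 700, snaplen, retention_days=30)
        print(f"{label:13s} {p.packets_per_sec:,.0f} pkt/s  "
              f"{p.disk_write_mb_per_sec:.1f} MB/s  {p.total_tb:.1f} TB  "
              f"{p.ring_files} x 1 GB files")
```

With these inputs, a month of full packets is roughly 99 TB against about 16 TB for 96-byte headers, which is why the capture point and the amount kept per packet have to be decided before the choice of distribution matters.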
