Re: Linux or Unix distribution for network sniffing

[Phillip Bailey <pbailey () cryptolife org>]

Hi  Hristiyan,

if you mean to log ALL the packets passing through your
routers/firewalls, then you need a very good software to search and
correlate the traffic. I suggest to make some research about "Deep
Packet Inspection", especially because anonymizing software (TOR) are
using strong encryption. Or if you need to log packets that match
certain rules you can go with a snort box installed on a spanned switch
port (this depends on your network load). Snort have a set of rules
called "sensitive data rules", or you can write you own rules according
to your needs. Before starting any kind of action, I strongly advise to
calculate the size of the data logged, and the machine power that you
need to perform search and correlation.

In the meantime my best regards,

Phillip






On 06/22/2010 11:12 AM, Hristiyan Lazarov wrote:
> Hello, I'm new to this mail list so lets first introduce myself - my
> name is Hristiyan Lazarov and I'm currently working as an Enterprise
> Security Specialist for a UK based company.
>
> I'm looking to implement in our organisation *NIX based network
> sniffer. Basically, I want to trace and record every single packet
> that is coming to, or going out from my network.
>
> We are working with sensitive information, that's why my employer want
> me to record the traffic at least 1 month back. We have a proxy which
> is dealing with our HTTP traffic but some
> people are playing smart trying to use some anonymizers to access
> restricted websites.
>
> Any suggestions would be greatly appreciated.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


-- 
(SPSA) Snorby Preconfigured Security Applications
http://www.cryptolife.org/index.php/Spsa

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------