Firewall Wizards mailing list archives
Re: IDS with traffic analysis (basically) = sniffer
From: "Perry E. Metzger" <perry () piermont com>
Date: 02 Feb 1999 09:47:16 -0500
"John Kozubik" <john_kozubik_dc () hotmail com> writes:
> Just a note - if you are doing traffic analysis (as opposed to content analysis) with an IDS, you are basically recording _every_ packet that comes through. Therefore, for all practical purposes, the IDS _is_ a sniffer. Commercial sniffing packages will be better, however, at analyzing attacks in progress (i.e. put the sniffer in the DMZ and watch what is happening) whereas the IDS is more of a reference to look back upon and analyze.

Why? Most sniffers I've seen aren't nearly as good as NFR. Hell, most of them aren't as good as TCPDUMP. What makes you think "commercial sniffing packages" are much good at *anything*?

Perry