RE: tcpdump installation on unix firewall?

["Lee (Lockdown) Hughes" <lee () polestar co uk>]

Yeah, and then drop it at the bottom of the ocean, and encase it in lead
;-).
I always carry a laptop around with me with all the tools that I need for
sniffing,
not much good for remote admin though :-(. You should really look at
something
like www.nfr.net, as this is a self contained sniffing solution, and with
IDR modules,
you can tailor it for almost anything.
Cheers,
Lee

> -----Original Message-----
> From: Mason  Begley [SMTP:mbegley () concentric com]
> Sent: Tuesday, August 31, 1999 7:27 PM
> To:   'Siglite'; Andreas.Bolatzki () ch danzas com
> Cc:   firewall-wizards () nfr net
> Subject:      RE: tcpdump installation on unix firewall?
>
> It doesn't matter really since tcpdump could be compiled offline and then
> added by a hacker later. Something that could be used for added security
> is
> to move all the tools you'll need into a directory and encrypt that dir
> with
> triple-des and only unencrypt it when its needed.
>
> Mason Begley
> Concentric Network. 
>
>  -----Original Message-----
> From:         Siglite [mailto:siglite () criticalstop com] 
> Sent: Saturday, August 28, 1999 12:57 AM
> To:   Andreas.Bolatzki () ch danzas com
> Cc:   firewall-wizards () nfr net
> Subject:      Re: tcpdump installation on unix firewall?
>
> I've never run a sniffer directly on the firewall.  However, I've found it
> extremely usefull to have sniffers on both sides of it.  In fact, that's
> generally the first place I go when I'm having a connectivity problem
> through the firewall.  
>
> /*-----------------------------------*/
> /* I live with FEAR every day.       */
> /* But, sometimes, she lets me RACE. */
> /*-----------------------------------*/
>
> KT Morgan
> Network Engineer
> Checkpoint Firewall-1 CCSA/CCSE
> Microsoft MCP
> Software Systems Group, Inc
>
> On 27 Aug 1999 Andreas.Bolatzki () ch danzas com wrote:
>
> > Hi fw-wizards
> >
> > Do you consider it an utterly bad idea to install a packet sniffer on a
> firewall. (HP box running FW-1).
> > Why would I want to do this?
> > Perhaps you know this already: If sth. is not working it's either the
> firewall or the network.
> > I need a tool to proove what's going on... Badly performing server, find
> out what normal traffic is for an application (data volume, traffic
> profile
> for one request....) and more of this kind. 
> > Is there anybody out there... doing this?
> >
> > Does it interfere with the FW-1 software?
> >
> > Thanks,
> >
> > Andy :-oe.
> >
> >
> > ---
> > Andreas Bolatzki                                                   
> > DANZAS Management AG
> > Corporate IT Operations and Support                    
> > Muenchensteinerstr. 43
> > CH-4002 Basel, Switzerland
> > Tel. +41 (61) 319 8686,  Fax. +41 (61) 319 8866                 
> >  Internet: andreas.bolatzki () ch danzas com
> >  X400: C=ch;A=atlas;P=danzas;O=dzchbslho;S=Bolatzki;G=Andreas