Re: Sniffing split connections

[Johann_van_Duyn () bat com]

You could try using a Symantec ManHunt or SNS unit; they can
cross-correlate between interfaces. YMMV, but it has worked for me before.
Try an eval SNS box and see how it works for you.

--------------------------------------------------
J o h a n n   v a n   D u y n
--------------------------------------------------
"The most common of all follies
  is to believe passionately in the palpably not true.
  It is the chief occupation of mankind."
--H. L. Mencken


_____________________________________________________________________
Confidentiality Notice: The information in this document and attachments is confidential and may also be legally 
privileged. It is intended only for the use of the named recipient.
Internet communications are not secure and therefore British American Tobacco does not accept legal responsibility for 
the contents of this message.
If you are not the intended recipient, please notify us immediately and then delete this document. Do not disclose the 
contents of this document to any other person, nor take any copies.
Violation of this notice may be unlawful.
______________________________________________________________________

--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------