TCLUG Archive
Re: [TCLUG:10046] Packet Sniffers
Mike Nielsen wrote:
>
> Howdy all.
>
> I'm looking for a robust packet sniffer I can use to track and catalog various
> types of traffic to a site. Ideally I would like to be able to have it
> recognize port scans and spoofed IPs and record that info somewhere...
>
> I think tcpdump, argus, sniffit etc. can all do it but I haven't found one that
> is easily customizable..
>
> Admittedly my Perl skills leave much to be desired
>
> any ideas?
>
I would recommend tcpdump. It is really powerful once you know how to
REALLY use it. You can also use tcpdump2ascii for added fun. Check out
these links:
http://www.nswc.navy.mil/ISSEC/CID/step.htm
http://freshmeat.net/appindex/1999/09/09/936895326.html
Shadow is an IDS (intrusion detection system) that uses tcpdump. It's
open source so you can check how they do things. The requirements for
running it are a little steep, though.
http://www.nswc.navy.mil/ISSEC/CID/
> --
> ---------------------------------------------------------------
> Mike Nielsen http://www.public.iastate.edu/~mnielsen
> mnielsen@iastate.edu
> "Linux, why use a Window when you have a door."
--
Clay Fandre
cfandre@maddog.mn-linux.org
Twin Cities Linux Users Group
http://www.mn-linux.org
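Since the original question asks for something that recognizes port scans in sniffer output and records them, here is an added example (written for this archive page; it is not code from either poster and not how Shadow does it): a small Python script that parses `tcpdump -n` style lines and flags a source that sends bare SYNs to many distinct ports on one host within a short window. The line format, the thresholds and the sample capture are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the TCP line shape printed by 'tcpdump -n' (assumed): "HH:MM:SS.usec IP src.sport > dst.dport: Flags [..], ..."
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                     r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]")

def parse_line(line):
    """Return (seconds, src, dst, dport, flags) for a TCP line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None                      # UDP, ICMP and ARP lines are skipped
    t = datetime.strptime(m["ts"], "%H:%M:%S.%f")
    secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
    return secs, m["src"], m["dst"], int(m["dport"]), m["flags"]

def find_port_scans(lines, min_ports=5, window=10.0):
    """Flag a source that sends bare SYNs to >= min_ports distinct ports on
    one host within `window` seconds. Returns {(src, dst): sorted ports}."""
    syns = defaultdict(list)             # (src, dst) -> [(secs, dport), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        secs, src, dst, dport, flags = rec
        if flags == "S":                 # initial SYN only; "S." is a SYN-ACK
            syns[(src, dst)].append((secs, dport))
    hits = {}
    for key, events in syns.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                hits[key] = sorted(ports)
                break
    return hits

# Constructed sample capture: a normal HTTP handshake, a five-port sweep from 203.0.113.9, and one UDP DNS line.
SAMPLE_CAPTURE = """\
12:00:01.000101 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000250 IP 192.0.2.10.80 > 198.51.100.7.51000: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:02.100000 IP 203.0.113.9.40001 > 192.0.2.10.21: Flags [S], seq 10, win 1024, length 0
12:00:02.100500 IP 203.0.113.9.40002 > 192.0.2.10.22: Flags [S], seq 11, win 1024, length 0
12:00:02.101000 IP 203.0.113.9.40003 > 192.0.2.10.23: Flags [S], seq 12, win 1024, length 0
12:00:02.101500 IP 203.0.113.9.40004 > 192.0.2.10.25: Flags [S], seq 13, win 1024, length 0
12:00:02.102000 IP 203.0.113.9.40005 > 192.0.2.10.80: Flags [S], seq 14, win 1024, length 0
12:00:03.000000 IP 192.0.2.10.12345 > 192.0.2.53.53: 1+ A? example.com. (29)
"""
```

Feeding real output works the same way: `tcpdump -n -l 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' | python3 scan_check.py` with the lines read from stdin, and the returned dictionary is what you would log or append to a catalog file.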