Full Disclosure: RE: auditing / logging while performing pen test

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: auditing / logging while performing pen test

From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Mon, 12 Jan 2004 23:46:27 +0100

What software do you recommend for auditing / logging while performing
pen-test assessment.
I am interested in both network and application level.logging.

Hi,
Despite tcpdump I like using snort as it works both under Win32, BSD and Linux systems. If speed is not a requirement I 
usually do logging in text format. For NIDS testing I rather use binary logging and later replay session with snort. 
Ethereal and eEye Iris are also nice tools (Iris is commercial and works only under Win NT/2000/XP systems). A lot of 
tools has a verbose and very verbose option - a good example might be nmap both with -v and --packet_trace. Sometimes 
the best logging tool is a debugger attached to a running process. Depends on what kind of data you need to log and how 
do analyze it later.
Just my 2 cents,
Cheers,
Aleksander Czarnowski
AVET INS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

RE: Is the FBI using email Web bugs?, (continued)
- Re: Is the FBI using email Web bugs? Stephen Clowater (Jan 07)
- Re: Is the FBI using email Web bugs? Les Ault (Jan 07)
- RE: Is the FBI using email Web bugs? tlarholm (Jan 07)
  - RE: Is the FBI using email Web bugs? Todd Burroughs (Jan 08)
    - RE: Is the FBI using email Web bugs? Gary E. Miller (Jan 08)