Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Auditing / Logging
From: "Don Parker" <dparker () rigelksecurity com>
Date: Mon, 12 Jan 2004 13:17:14 -0500 (EST)

The simplest solution would be to simply log all activity using tcpdump in binary 
format. This decreases the file size, is faster, and allows you to manipulate it after. 
You can also input this binary log into any protocol analyzer afterwards as well ie: 
ethereal, etherpeek nx and the such. 

Doing the above also gives you and your client a copy of exactly what it is you have 
done during your pen test should there be any questions/complaints.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 12, "n30" <n30_lists () hotmail com> wrote:

Folks,

What software do you recommend for auditing / logging while performing
pen-test assessment.

I am interested in both network and application level.logging.

Thanks
-N

---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault