Penetration Testing mailing list archives

Re: Packet Payload
From: Security <security () hudakville com>
Date: Wed, 30 Aug 2006 10:34:03 -0400

Like all the other posters have stated, it's a good resource to have
forensically if you have the disk space.  A few years ago I set up a
Shadow IDS (http://www.nswc.navy.mil/ISSEC/CID/) and tcpdump on my
external network to capture traffic.  I used some creative filtering and
custom scripts and was able to keep about two months of full traffic
captures to around 40 GB compressed.  This was on 2 T-3 (not fully
utilized of course).

In my filtering, I believe I captured full packets of everything except
HTTP/HTTPS/SMTP traffic.  For that, I just captured the SYN and SYN/ACK
packet.  This cuts down on what you want to do, but saves a lot of space.


xelerated wrote:
I'm posting this to the pen-test group, rather than firewall or IDS
because it covers many areas.
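The filtering the poster describes (full packets for everything, but only the SYN and SYN/ACK of HTTP, HTTPS and SMTP connections) can be expressed as a single tcpdump capture filter. The script below is an added example, not the poster's own scripts or filter; the interface name, output directory, hourly rotation interval and the choice of gzip for post-rotation compression are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a tcpdump capture filter that
# keeps full packets for everything except the listed TCP ports, and for
# those ports keeps only segments with SYN set, i.e. the client SYN and the
# server SYN/ACK. Interface, output directory and rotation interval are
# assumptions chosen for illustration.

# Build the BPF expression for a space-separated list of TCP ports.
# "tcp[tcpflags] & tcp-syn != 0" is the documented tcpdump idiom for
# "any TCP segment with the SYN flag set"; data, FIN and RST segments of
# those connections are dropped, which is what saves the disk space.
build_filter() {
    ports="$1"          # e.g. "80 443 25"
    trimmed=""
    for p in $ports; do
        if [ -z "$trimmed" ]; then
            trimmed="tcp port $p"
        else
            trimmed="$trimmed or tcp port $p"
        fi
    done
    printf '%s' "not ($trimmed) or (($trimmed) and tcp[tcpflags] & tcp-syn != 0)"
}

# Capture with hourly file rotation; tcpdump runs the -z command on each
# closed file, so the archive is compressed as it is written.
# Needs root or CAP_NET_RAW; -s 0 keeps full payloads for the untrimmed traffic.
capture() {
    iface="$1"
    outdir="$2"
    mkdir -p "$outdir"
    tcpdump -ni "$iface" -s 0 -G 3600 \
        -w "$outdir/cap-%Y%m%d-%H%M.pcap" -z gzip \
        "$(build_filter '80 443 25')"
}

# usage (assumed names):  capture eth0 /var/captures
```

`build_filter` is kept separate from `capture` so the expression can be inspected or compile-checked (for example with `tcpdump -d`) before any traffic is written to disk.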

