Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Packet Payload
From: griffkc () gmail com
Date: Thu, 31 Aug 2006 09:02:28 +0000

I've actually put a pilot like this together. My thoghts - don't bother. What ever you gain from the very few times you 
will actually need it will be completely overshadowed by the amount of care and feeding it will take to keep it going. 
You're going to need a heck of a lot more than 1TB of storage for one month. I ran on a gig segment at 30 percent 
saturation. I filled a TB every other day. And let's not forget it's not just about storage, but retrieval and analysis 
also.
Sent via BlackBerry from T-Mobile  

-----Original Message-----
From: "Robert D. Holtz - Lists" <robert.d.holtz () gmail com>
Date: Wed, 30 Aug 2006 10:35:35 
To:"'Security'" <security () hudakville com>
Cc:<pen-test () securityfocus com>
Subject: RE: Packet Payload

If a person is dead set on capturing all of the data going in and out of a
given network you could put together a system for this relatively cheaply.

One could have an AMD Athlon system, 1TB of drive space, a couple of GB of
RAM, and running a *nix variant for around $1,000.00USD or so.  This system
could keep up with fair amount of traffic pretty easily (< OC3) and has
enough storage for months of traffic.

-----Original Message-----
From: Security [mailto:security () hudakville com] 
Sent: Wednesday, August 30, 2006 9:34 AM
Cc: pen-test () securityfocus com
Subject: Re: Packet Payload

Like all the other posters have stated, its a good resource to have
forensically if you have the disk space.  I few years ago I set up a
Shadow IDS (http://www.nswc.navy.mil/ISSEC/CID/) and tcpdump on my
external network to capture traffic.  I used some creative filtering and
custom scripts and was able to keep about two months of full traffic
captures to around 40 GB compressed.  This was on 2 T-3 (not fully
utilized of course).

In my filtering, I believe I captured full packets of everything except
HTTP/HTTPS/SMTP traffic.  For that, I just captured the SYN and SYN/ACK
packet.  This cuts down on what you want to do, but saves alot of space.

Tyler

xelerated wrote:
Im posrting this to the pen-test group, rather than firewall or IDS
because it covers many areas.

...

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault