[TriLUG] kinda a sniffer, kinda a snort, kinda weird

Greg Brown gwbrown1 at gmail.com
Sat Aug 27 10:28:02 EDT 2005


I don't have control over the proxies or the firewalls. So far ntop looks 
like the best option.

But all are great ideas.

Greg

On 8/26/05, Kevin Flanagan <kevin at flanagannc.net> wrote:
> 
> I'd look at proxy solutions rather than the network, you can have a
> transparent proxy with logging on. There are several log reporting
> packages as well.
> 
> 
> You could even put something like a ClarkConnect box inline to the
> internet connection. http://www.clarkconnect.org/webapp/modules.jsp
> This has a proxy, and reports all built in, as well as a lot more.
> 
> Kevin
> 
> Greg Brown wrote:
> > Does anyone know anything that will pull in data on a listening
> > interface (from a span port on a Cisco, for instance) that will log
> > traffic to a database then present a break-down of what that person
> > did, what protocols they used, what websites they visited, etc? Kind
> > of an intelligent traffic reporter? A watchdog so to speak? Does
> > anyone know of a linux/bsd package that will do this?
> >
> > The front-end has to be fairly simple, something a non-technical
> > manager can look at and go "holy crap, employee X is visiting
> > monster.com <http://monster.com> 450000 times per day, while only
> > hitting the web app they are supposed to enter data in 10 times a
> > day".
> >
> > I've never seen a commercial app to do this so I'm having a hard time
> > saying "just like product X, only linux-based and free".
> >
> > Any ideas?
> >
> > Greg


