Security Basics mailing list archives
Re: monitor traffic on host
From: Steven Hollingsworth <steven () aznc com>
Date: Tue, 18 Sep 2007 11:23:48 -0700
On Fri, Sep 14, 2007 at 07:40:55PM -0700, Kelly Keeton wrote:
I have an issue where I have been asked to monitor all web traffic of an employee. I need to set up, as quickly as possible, a transparent device that will monitor and log all web traffic in the clear: anything sent or received over the network. Ideally it would also monitor SMTP, FTP, etc. I need real-time reporting, so tcpdump won't work; Snort also, I don't think, is the correct answer. Is there any "prebuilt" Knoppix or VM appliance that will accomplish this?
I'd suggest making a bridge [0] with a live CD distro such as BackTrack or Knoppix-STD, use tcpdump to capture traffic going to and from the user's IP or MAC address, and use chaosreader to assemble the packets [1]. It'll capture all non-encrypted traffic you need and put it in human-readable form. Just have plenty of hard drive space available if you're going to sniff for a long time.

[0] - http://gentoo-wiki.com/HOWTO_setup_a_gentoo_bridge (you should be able to glean what you need script-wise here, or just search "linux bridge howto" on Google)
[1] - http://chaosreader.sourceforge.net/
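The bridge-plus-tcpdump setup described above, as an added example that is not part of the original post. It assumes a Linux host with two NICs (eth0 and eth1, placeholder names) placed inline, the iproute2 `ip` tool and tcpdump; the bridge name, target IP and MAC are placeholders, and the capture is rotated so a long-running sniff cannot fill the disk.

```shell
#!/bin/sh
# Added example, not code from the original thread. Placeholders: br0, eth0,
# eth1, the monitored host's IP/MAC and the output directory.

# Build a BPF filter matching the monitored host by IP or by MAC, so the
# capture keeps working if the host's DHCP lease changes.
build_filter() {
    ip_addr=$1
    mac_addr=$2
    printf 'host %s or ether host %s' "$ip_addr" "$mac_addr"
}

# Create a transparent bridge: the bridge gets no IP address, so the sniffing
# box has no network presence of its own and just forwards frames unchanged.
setup_bridge() {
    br=$1
    shift
    ip link add name "$br" type bridge
    for nic in "$@"; do
        ip link set "$nic" promisc on
        ip link set "$nic" master "$br"
        ip link set "$nic" up
    done
    ip link set "$br" up
}

# Capture full packets (-s 0) on the bridge, rotating pcap files every
# 100 MB (-C) and keeping at most 50 of them (-W), so the capture is bounded.
# chaosreader can then be run over each rotated file as it is closed.
run_capture() {
    br=$1
    filter=$2
    outdir=$3
    mkdir -p "$outdir"
    # $filter is intentionally unquoted: tcpdump takes the expression as words.
    # shellcheck disable=SC2086
    tcpdump -i "$br" -s 0 -n -C 100 -W 50 -w "$outdir/capture.pcap" $filter
}

# Only touch interfaces when explicitly asked (needs root and the inline NICs).
if [ "${1:-}" = "--run" ]; then
    setup_bridge br0 eth0 eth1
    run_capture br0 "$(build_filter 192.0.2.10 00:11:22:33:44:55)" /var/capture
fi
```

Invoke with `--run` as root once the two NICs are cabled inline; without the flag the script only defines the functions.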