Penetration Testing mailing list archives
RE: Packet Payload
From: "Robert D. Holtz - Lists" <robert.d.holtz () gmail com>
Date: Wed, 30 Aug 2006 10:35:35 -0500
If a person is dead set on capturing all of the data going in and out of a given network you could put together a system for this relatively cheaply. One could have an AMD Athlon system, 1TB of drive space, a couple of GB of RAM, and running a *nix variant for around $1,000.00USD or so. This system could keep up with a fair amount of traffic pretty easily (< OC3) and has enough storage for months of traffic.

-----Original Message-----
From: Security [mailto:security () hudakville com]
Sent: Wednesday, August 30, 2006 9:34 AM
Cc: pen-test () securityfocus com
Subject: Re: Packet Payload

Like all the other posters have stated, it's a good resource to have forensically if you have the disk space. A few years ago I set up a Shadow IDS (http://www.nswc.navy.mil/ISSEC/CID/) and tcpdump on my external network to capture traffic. I used some creative filtering and custom scripts and was able to keep about two months of full traffic captures to around 40 GB compressed. This was on 2 T-3 (not fully utilized of course). In my filtering, I believe I captured full packets of everything except HTTP/HTTPS/SMTP traffic. For that, I just captured the SYN and SYN/ACK packet. This cuts down on what you want to do, but saves a lot of space.

Tyler

xelerated wrote:
I'm posting this to the pen-test group, rather than firewall or IDS, because it covers many areas. ...
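The selective-capture policy Tyler describes above (full packets for everything except HTTP/HTTPS/SMTP, and only the SYN and SYN/ACK for those) as an added example that is not from any poster in this thread: a small Python policy check over raw IPv4/TCP headers, plus the equivalent tcpdump filter expression. The names `should_keep`, `make_tcp`, `apply_policy`, `BULK_PORTS` and the constructed packets are assumptions, and the BPF string assumes a tcpdump that understands the `tcp[tcpflags]` syntax.

```python
"""Selective full-packet capture policy from the thread: keep every packet
except on HTTP/HTTPS/SMTP, where only SYN and SYN/ACK are written. Added
example (not from the posts); works on raw IPv4 packets with no link-layer header."""
import struct

BULK_PORTS = {80, 443, 25}   # HTTP, HTTPS, SMTP: handshake-only capture (assumed)
SYN, ACK = 0x02, 0x10        # TCP flag bits

# Equivalent tcpdump/BPF expression (assumes tcp[tcpflags] support).
# Non-TCP traffic is kept because "not (tcp port ...)" is true for it.
BPF_FILTER = ("not (tcp port 80 or tcp port 443 or tcp port 25) "
              "or (tcp[tcpflags] & tcp-syn != 0)")

def should_keep(packet: bytes) -> bool:
    """Return True if the policy says this raw IPv4 packet should be written."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                       # not a parseable IPv4 header
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:                     # not TCP: always full capture
        return True
    if len(packet) < ihl + 14:
        return False                       # truncated TCP header: drop it
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]
    if sport in BULK_PORTS or dport in BULK_PORTS:
        return bool(flags & SYN)           # SYN (0x02) or SYN/ACK (0x12) only
    return True

def make_tcp(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4/TCP packet (constructed test input; checksums left 0)."""
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp + payload

def apply_policy(packets):
    """Return (kept packets, bytes offered, bytes written) for a packet list."""
    kept = [p for p in packets if should_keep(p)]
    return kept, sum(len(p) for p in packets), sum(len(p) for p in kept)

if __name__ == "__main__":
    sample = [make_tcp(40000, 80, SYN), make_tcp(80, 40000, SYN | ACK),
              make_tcp(40000, 80, ACK, b"GET / HTTP/1.0\r\n\r\n" * 10),
              make_tcp(40000, 22, ACK, b"ssh session data")]
    kept, offered, written = apply_policy(sample)
    print(f"kept {len(kept)}/{len(sample)} packets, {written}/{offered} bytes")
```

The bytes-written figure shows where the space saving comes from: the handshake packets of a web session are kept while its request and response bodies are not.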
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------