Penetration Testing mailing list archives

RE: Packet Payload


From: "Robert D. Holtz - Lists" <robert.d.holtz () gmail com>
Date: Wed, 30 Aug 2006 10:35:35 -0500

If a person is dead set on capturing all of the data going in and out of a
given network you could put together a system for this relatively cheaply.

One could have an AMD Athlon system, 1TB of drive space, a couple of GB of
RAM, and running a *nix variant for around $1,000.00USD or so.  This system
could keep up with a fair amount of traffic pretty easily (< OC3) and has
enough storage for months of traffic.

-----Original Message-----
From: Security [mailto:security () hudakville com] 
Sent: Wednesday, August 30, 2006 9:34 AM
Cc: pen-test () securityfocus com
Subject: Re: Packet Payload

Like all the other posters have stated, it's a good resource to have
forensically if you have the disk space.  A few years ago I set up a
Shadow IDS (http://www.nswc.navy.mil/ISSEC/CID/) and tcpdump on my
external network to capture traffic.  I used some creative filtering and
custom scripts and was able to keep about two months of full traffic
captures to around 40 GB compressed.  This was on 2 T-3 (not fully
utilized of course).

In my filtering, I believe I captured full packets of everything except
HTTP/HTTPS/SMTP traffic.  For that, I just captured the SYN and SYN/ACK
packet.  This cuts down on what you want to do, but saves a lot of space.

Tyler

xelerated wrote:
I'm posting this to the pen-test group, rather than firewall or IDS
because it covers many areas.

...

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
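Tyler's retention policy above (full packets for everything, handshake-only SYN and SYN/ACK for HTTP/HTTPS/SMTP) as an added example written for this archive page, not code from the thread: a stdlib-only Python filter over a classic libpcap file, run against a constructed five-packet capture so the space saving can be measured. In practice the same policy is one tcpdump BPF expression; the code makes the per-packet decision explicit.

```python
import struct

TRIMMED_PORTS = {80, 443, 25}          # HTTP, HTTPS, SMTP: keep handshake only
SYN, ACK = 0x02, 0x10

def keep_packet(frame: bytes) -> bool:
    """Retention decision for one Ethernet frame (IPv4/TCP parsed, all else kept)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return True                                   # non-IPv4 (ARP etc.): keep whole
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:
        return True                                   # non-TCP (UDP, ICMP): keep whole
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:
        return True
    sport, dport = struct.unpack("!HH", tcp[:4])
    if sport not in TRIMMED_PORTS and dport not in TRIMMED_PORTS:
        return True                                   # other TCP: keep whole
    return (tcp[13] & 0x3F) in (SYN, SYN | ACK)       # web/mail: SYN and SYN/ACK only

def filter_pcap(data: bytes) -> tuple[bytes, int, int]:
    """Apply keep_packet to a classic pcap; return (filtered pcap, bytes in, bytes out)."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    out, off, bytes_in, bytes_out = bytearray(data[:24]), 24, 0, 0
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "IIII", data[off:off + 16])[2]   # captured length
        record = data[off:off + 16 + incl]
        bytes_in += incl
        if keep_packet(record[16:]):
            out += record
            bytes_out += incl
        off += 16 + incl
    return bytes(out), bytes_in, bytes_out

def tcp_frame(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp + payload

def sample_pcap() -> bytes:
    """Constructed capture: one HTTP exchange plus one SSH data segment (no real traffic)."""
    frames = [tcp_frame(50000, 80, SYN), tcp_frame(80, 50000, SYN | ACK),
              tcp_frame(50000, 80, ACK, b"GET / HTTP/1.0\r\n\r\n" + b"A" * 1000),
              tcp_frame(80, 50000, ACK | 0x08, b"B" * 1400),        # PSH/ACK response data
              tcp_frame(50001, 22, ACK | 0x08, b"C" * 500)]         # SSH: retained in full
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_156_926_800 + i, 0, len(f), len(f)) + f
    return bytes(out)
```

Of the 3188 captured bytes in the sample, only the two handshake frames and the SSH segment (662 bytes) survive; the HTTP request and response bodies are what the policy discards.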
