Snort mailing list archives

Re: Capture Email Content / Website Activity


From: <barryab63-ia () yahoo com>
Date: Sun, 27 Nov 2005 02:39:24 -0800 (PST)

In order to see everything on the network, you need to have one of the following:
   
  1.  A true hub.  But, you'll only see traffic that passes through the hub.
  2.  A switch that will let you configure a monitor port; have the port your snort box is connected to configured to monitor all the other ports.  How you do this depends on the switch.
  3.  Use a network tap.  Place the tap where it will pick up the traffic you want to see, possibly between your firewall and inside router/switch; that way you would see everything in and out of your network.
  4.  Run snort in in-line mode; place the snort box in a location similar to the network tap.
   
  You would really need to give more information on your network to get a more detailed answer.

  As to detecting web activity, snort does have some rules for detecting web traffic.  But, it sounds from your question that it might be better to try to get this info from your firewall logs.  Snort isn't really a very good web usage monitoring tool.
   
  Barry
   
   
  
stuff () trackingsolutions ca wrote:
  I am new to snort and am starting to test things out. I am able to capture 
email content from the machine running snort, but I would also like to 
capture email being sent on the entire network. Is there a way to do this?

Also is there a way to capture visited websites for the entire network to a 
file stating date, time, url, ipaddress?

Thank you very much.



