[Snort-users] (no subject)

counterping at ...5767... counterping at ...5767...
Tue Oct 8 06:53:04 EDT 2002


This Not strictly a SNORT Question so I aplogize in advance.

Newbie to the World of TCPDUMP.

I am running Snort IDS and as a complimating product ....
I have recently been interested in also logging ALL traffic that comes in/out 
my network via TCPDUMP (ip headers atleast).
This is really for the purpose of Forensics etc etc and would be cool to zip up 
and store away.

In the future I would also like to install SHADOW at some point to run these 
dumps for anomilies.

However, the amount of data is silly !! 200 MB per HOUR !! This is far too much 
data to log and store away ?

My question being ....
Does anyone log ALL IP Headers IN+OUT of there Networks ?
Should we be doing this ? Is it a good idea to take this approach ?
Any ideas suggestions would be appreciated.

Little Confused
Matt Y P.

P.S anyone know of any TCPDUMP mailing lists ?



----------------------------------------------------------
This message was sent using                 http://uk2.net
NEWS - CHEAPEST DEDICATED SERVERS IN THE WORLD -  25/month
FREE UK DIAL 0845 609 1370 - username uk2: - password: uk2
UK's FREE Domains, FREE Dialup, FREE Webdesign, FREE email






More information about the Snort-users mailing list