[Snort-users] RE: [Off topic] Traffic analysis

Richard Bejtlich richard_bejtlich at ...131...
Fri Dec 5 15:52:03 EST 2003


The following might provide the session data you need:

1.  Argus (http://www.qosient.com/argus).  Wait if at
all possible until next week when the long-awaited
2.0.6 version is released to the public.  See the
mailing list
(http://news.gmane.org/gmane.network.argus) for

2.  SANCP (http://sourceforge.net/projects/sancp). 
This is a newer project but looks promising.

3.  NetFlow data (http://www.cisco.com/go/netflow). 
Use the open source fprobe
(http://sourceforge.net/projects/fprobe) probe to
generate NetFlow records and the flow-tools
(http://www.splintered.net/sw/flow-tools/) package to
receive, store, and review them.

I hope to have an article introducing 1 and 3 in the
March issue of Sys Admin magazine, and my book due in
mid-2004 will cover all three in detail.


Richard Bejtlich
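The NetFlow records that fprobe exports (item 3 above) have a fixed binary layout, and a collector such as flow-tools is essentially a decoder for that layout plus storage. The following is an added example, not code from this post or from the fprobe/flow-tools projects: a small NetFlow version 5 decoder in Python that parses the 24-byte header and 48-byte records, checks the version and record count against the datagram length, and then summarizes the resulting session data the way an analyst reviewing flows would. The datagram it parses is constructed inline (addresses, ports, counters and timestamps are made up for illustration), so it runs offline.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# NetFlow v5 wire format, network byte order: a 24-byte header followed by
# up to 30 fixed-size 48-byte flow records.
HEADER_FMT = "!HHIIIIBBH"
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48

TCP_SYN = 0x02
TCP_ACK = 0x10


@dataclass
class Flow:
    """One unidirectional session record as reported by the exporter."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    packets: int
    octets: int
    tcp_flags: int      # cumulative OR of TCP flags seen in the flow
    duration_ms: int    # last - first, in exporter uptime milliseconds


def parse_netflow_v5(datagram: bytes) -> List[Flow]:
    """Decode a NetFlow v5 export datagram, rejecting malformed input."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, _sampling = \
        struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > 30:
        raise ValueError("v5 exporters send at most 30 records per datagram")
    if len(datagram) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError(f"length {len(datagram)} does not match record count {count}")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (src, dst, _nexthop, _inif, _outif, dpkts, doctets, first, last,
         sport, dport, _pad1, flags, prot, _tos, _sas, _das, _smask, _dmask,
         _pad2) = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append(Flow(socket.inet_ntoa(src), socket.inet_ntoa(dst), sport,
                          dport, prot, dpkts, doctets, flags, last - first))
    return flows


def syn_only_flows(flows: List[Flow]) -> List[Flow]:
    """TCP flows where a SYN was sent but no ACK ever seen: half-open attempts
    worth a second look when reviewing session data."""
    return [f for f in flows
            if f.proto == 6 and f.tcp_flags & TCP_SYN and not f.tcp_flags & TCP_ACK]


def octets_by_pair(flows: List[Flow]) -> Dict[Tuple[str, str], int]:
    """Total bytes per (source, destination) address pair."""
    totals: Dict[Tuple[str, str], int] = {}
    for f in flows:
        totals[(f.src, f.dst)] = totals.get((f.src, f.dst), 0) + f.octets
    return totals


def _record(src, dst, sport, dport, proto, pkts, octets, first, last, flags) -> bytes:
    # Field order follows RECORD_FMT; interface indexes, AS numbers and masks are filler.
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       b"\x00" * 4, 1, 2, pkts, octets, first, last, sport, dport,
                       0, flags, proto, 0, 0, 0, 24, 24, 0)


def build_sample_datagram() -> bytes:
    """Constructed v5 datagram with three made-up flows (not captured traffic)."""
    records = [
        _record("192.168.1.10", "10.0.0.5", 51234, 80, 6, 12, 4096, 1000, 3500, 0x1B),  # full HTTP session
        _record("192.168.1.10", "10.0.0.5", 51235, 22, 6, 1, 60, 4000, 4000, TCP_SYN),  # lone SYN, never answered
        _record("192.168.1.20", "10.0.0.53", 53000, 53, 17, 1, 80, 5000, 5000, 0),      # UDP DNS query
    ]
    header = struct.pack(HEADER_FMT, 5, len(records), 6000, 1070657523, 0, 0, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    flows = parse_netflow_v5(build_sample_datagram())
    for f in flows:
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport} proto={f.proto} "
              f"pkts={f.packets} bytes={f.octets} flags={f.tcp_flags:#04x} dur={f.duration_ms}ms")
    print("SYN-only:", [(f.dst, f.dport) for f in syn_only_flows(flows)])
    print("bytes by pair:", octets_by_pair(flows))
```

The length check matters in practice: a collector that trusts the header's record count without comparing it to the datagram size will read past the buffer or silently drop records, and flow data is only useful for investigation if the store is known to be complete.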
