[Snort-users] RE: [Off topic] Traffic analysis
richard_bejtlich at ...131...
Fri Dec 5 15:52:03 EST 2003
The following might provide the session data you need:
1. Argus (http://www.qosient.com/argus). Wait if at
all possible until next week when the long-awaited
2.0.6 version is released to the public. See the
2. SANCP (http://sourceforge.net/projects/sancp).
This is a newer project but looks promising.
3. NetFlow data (http://www.cisco.com/go/netflow).
Use the open source fprobe
(http://sourceforge.net/projects/fprobe) probe to
generate NetFlow records and the flow-tools
(http://www.splintered.net/sw/flow-tools/) package to
receive, store, and review them.
I hope to have an article introducing 1 and 3 in the
March issue of Sys Admin magazine, and my book due in
mid-2004 will cover all three in detail.
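To show what session data a NetFlow record of the kind mentioned in item 3 carries, here is an added example that parses one export datagram; it is not part of the original post and is not code from fprobe or flow-tools. It assumes the NetFlow version 5 layout, and the sample datagram, addresses and function names are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record


def parse_v5(datagram):
    """Return one dict of session data per flow record in a v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    # Never trust the record count in the header beyond the bytes received.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims %d records, datagram is truncated" % count)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "sport": f[9],
            "dst": socket.inet_ntoa(f[1]), "dport": f[10],
            "proto": f[13], "tcp_flags": f[12],
            "packets": f[5], "bytes": f[6],
            "duration_ms": f[8] - f[7],  # last minus first, in router uptime ms
        })
    return flows


def build_sample():
    """Constructed datagram: two flows between documentation addresses."""
    def rec(src, dst, sport, dport, proto, flags, pkts, octets, first, last):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           b"\0" * 4, 1, 2, pkts, octets, first, last,
                           sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
    header = HEADER.pack(5, 2, 60000, 1070657523, 0, 1, 0, 0, 0)
    return (header
            + rec("192.0.2.10", "198.51.100.5", 40312, 80, 6, 0x1B, 12, 4310, 1000, 3500)
            + rec("192.0.2.10", "198.51.100.53", 1025, 53, 17, 0, 1, 61, 4000, 4000))


if __name__ == "__main__":
    for flow in parse_v5(build_sample()):
        print("{src}:{sport} -> {dst}:{dport} proto={proto} "
              "pkts={packets} bytes={bytes} dur={duration_ms}ms".format(**flow))
```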