[Snort-users] general questions

waldo kitty wkitty42 at ...14940...
Fri Mar 29 17:29:14 EDT 2013


On 3/29/2013 13:56, Mohammad MontazerI wrote:
> i want to use the data to find out the network traffic shape.
> such as: who goes where! users' most visited websites and ...
> for this purpose how should i output the data?

snort is not the proper tool for this task... snort is supposed to be used to 
detect bad traffic... bad traffic as in malware, virus, penetration probing, 
successful penetration, etc...

if you want to track your users, then you should be using a transparent proxy 
setup which forces all web access thru the proxy and then looking at the proxy 
logs... you'll want to check for HTML traffic on non-standard ports as well as 
attempting to handle httpS connections... that might possibly require a MitM 
configuration but your corporate policy should define this...

outside of that, how are you going to determine if it is a user making the 
connection or some software that just happens to be on their system? (ie: some 
toolbar forced on them they don't know about)
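
The proxy-log review suggested in the reply above, as an added example that is not part of the original message: it tallies destinations per client address and lists requests to non-standard ports. It assumes the proxy is Squid writing its default native access.log layout (the post names no product); the log lines are constructed, and a client address identifies a machine, not the person or program behind the request.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

STANDARD_PORTS = {80, 443}

# Constructed sample lines, assumed Squid native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1364592554.101    120 192.0.2.10 TCP_MISS/200 5120 GET http://news.example.com/index.html - DIRECT/198.51.100.7 text/html
1364592554.300     40 192.0.2.10 TCP_HIT/200 900 GET http://news.example.com/style.css - NONE/- text/css
1364592560.456   3000 192.0.2.10 TCP_MISS/200 4000 CONNECT mail.example.org:443 - DIRECT/203.0.113.5 -
1364592570.002     85 192.0.2.11 TCP_MISS/200 310 GET http://updates.example.net:8080/check?id=1 - DIRECT/203.0.113.9 text/plain
1364592575.910     95 192.0.2.11 TCP_MISS/200 5120 GET http://news.example.com/ - DIRECT/198.51.100.7 text/html
truncated line
"""

def destination(method, url):
    """Return (host, port) for one logged request."""
    if method == "CONNECT":
        # HTTPS tunnel: without interception only host:port is visible
        host, _, port = url.rpartition(":")
        return host.lower(), int(port)
    parts = urlsplit(url)
    default = 443 if parts.scheme == "https" else 80
    return (parts.hostname or "").lower(), parts.port or default

def summarize(log_text):
    """Count requests per client per host; collect non-standard ports."""
    visits = defaultdict(Counter)
    odd_ports = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, method, url = fields[2], fields[5], fields[6]
        try:
            host, port = destination(method, url)
        except ValueError:
            continue  # unparsable port or URL
        visits[client][host] += 1
        if port not in STANDARD_PORTS:
            odd_ports.add((client, host, port))
    return visits, odd_ports

if __name__ == "__main__":
    visits, odd_ports = summarize(SAMPLE_LOG)
    for client, hosts in sorted(visits.items()):
        print(client, hosts.most_common(3))
    print("non-standard ports:", sorted(odd_ports))
```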



