[Snort-users] general questions
wkitty42 at ...14940...
Fri Mar 29 17:29:14 EDT 2013
On 3/29/2013 13:56, Mohammad MontazerI wrote:
> I want to use the data to find out the network traffic shape,
> such as: who goes where, users' most-visited websites, and ...
> For this purpose, how should I output the data?

snort is not the proper tool for this task... snort is supposed to be used to
detect bad traffic... bad traffic as in malware, virus, penetration probing,
successful penetration, etc...

if you want to track your users, then you should be using a transparent proxy
setup which forces all web access thru the proxy and then looking at the proxy
logs... you'll want to check for HTML traffic on non-standard ports as well as
attempting to handle httpS connections... that might possibly require a MitM
configuration but your corporate policy should define this...

outside of that, how are you going to determine if it is a user making the
connection or some software that just happens to be on their system? (ie: some
toolbar forced on them they don't know about)
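
Added example, not part of the original post: a sketch of the proxy-log approach the reply recommends, tallying destination hosts per client and flagging non-standard ports. It assumes the proxy is Squid writing its native access.log layout (the post names no product); the log lines, addresses and hostnames are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

STANDARD_PORTS = {80, 443}

# Constructed sample in Squid's native access.log layout (assumed proxy).
SAMPLE_LOG = """\
1364592554.101    120 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/203.0.113.5 text/html
1364592555.220     95 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1364592556.007    310 192.168.1.10 TCP_MISS/200 4000 CONNECT mail.example.org:443 - DIRECT/203.0.113.9 -
1364592557.450    210 192.168.1.22 TCP_MISS/200 900 GET http://toolbar.example.net:8080/ping - DIRECT/203.0.113.77 text/plain
1364592558.000 truncated line
"""

def parse_line(line):
    """Return (client, host, port), or None if the line does not parse."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, method, target = fields[2], fields[5], fields[6]
    try:
        if method == "CONNECT":
            # HTTPS tunnel: without interception only host:port is logged.
            host, _, port = target.rpartition(":")
            return (client, host.lower(), int(port)) if host else None
        url = urlsplit(target)
        port = url.port or (443 if url.scheme == "https" else 80)
    except ValueError:
        return None
    return (client, url.hostname.lower(), port) if url.hostname else None

def summarize(text):
    """Count requests per (client, host); collect hits on non-standard ports."""
    per_client = defaultdict(Counter)
    odd_ports = set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, host, port = rec
        per_client[client][host] += 1
        if port not in STANDARD_PORTS:
            odd_ports.add((client, host, port))
    return per_client, odd_ports

if __name__ == "__main__":
    clients, odd = summarize(SAMPLE_LOG)
    for client, hosts in clients.items():
        print(client, hosts.most_common(3))
    print("non-standard ports:", sorted(odd))
```

The counts are per client address, so they cannot tell a person's browsing from background software on the same machine, which is the limitation the reply raises.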