Need help finding Intrusion Detection and Packet Sniffer

Status
Not open for further replies.

mikef1

IS-IT--Management
Aug 30, 2003
US
I’m looking for products (preferably those that run on Windows 2000). These products MUST be able to work on a WAN built with Cisco routers and switches, which includes servers running a variety of OS’s such as Novell 6.5, Alpha Unix 5.1a, Solaris9 and Windows 2000, and that do the following. I need to capture usernames and passwords sent through http, https, ftp, smtp, pop3, and telnet. Read ICQ, AIM, YAHOO and MSN traffic. Have a network packet analyzer to decode all major application protocols, including TCP/IP, UDP, HTTP, HTTPS, SMTP, POP, TELNET, SMTP and FTP, and conversion of protocol analysis data to a human-readable format which allows me to decode the computer traffic so that I can read the traffic and make sense of it. Fault analysis to discover problems in the network, such as why computer A can't talk to computer B. Performance analysis to discover network bottlenecks. Network intrusion detection in order to discover hackers/crackers. Perform network traffic logging and create logs that hackers can't break into and erase. This may take multiple products; however, I would prefer a one-product solution. I have looked at several products, both software and hardware; however, the manufacturers seem to be changing hands and vary on keeping their products up to date. Prices also vary wildly. I have 70 PC’s and 7 servers. I also have 5 remote locations which connect to the main office over a dedicated T1 line. I also have an Avaya IP Office VOIP.
 
Simply put, how much money do you have to spend?? Even if you go with some of the free tools/OS's, you're still looking at at least $30000US. Good luck [noevil]
 
has a full packet sniffer software that will help with the capture of all the data and readable reports, combined with their Optimization system you can accomplish a large percentage of your needs. Everything you are looking for is going to be hard to get even in two products. Check out a free version of the packet sniffer and call WebSpy if you would like information about the Optimization system.
 
The type of system that mikef1 sounds like he wants involves various taps, software, etc. I have looked into a very similar situation. WebSpyExpert, you are correct, not a single or 2 systems will do it. The cheapest way that we could do it was to use Linux boxes with Snort installed on them for our IDS, and reporting software to read the various logfiles, using Cricket for network utilization charting/monitoring. Now, he's looking at $35K US for the taps for the fiber, WAN connections and the sniffer software to be used. Finisar sniffer application is competeable with snifferpro.
good luck Mikef1
[cheers]
 
Thanks for all the replies.

I'm looking at eTrust Intrusion Detection and Spector CNE. I have Ethereal. They all run on Windows 2000, so no need for Linux. The eTrust Intrusion Detection is $5799.00 and the Spector CNE is $43.20 per workstation, so a little under $3000.00, and Ethereal is free, so my total cost is a little under $8800.00. That is a price I can live with.
 
You may want to check Snort out. Snort is flexible, reliable and free (although it does not have a fancy GUI). Snort was originally developed for Unix systems and their variants (in particular for Linux). Due to increasing demand from Windows users, Snort was later ported to the Windows platform. Quoting from Snort's manual, "There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system."
 
This thread is old... but I guess smoothwall might work (freeware)

 
Thanks for the reply. I got CA's Intrusion Detection for about 3G's so I'm in the process of getting that up.
 