Sniffer

Status
Not open for further replies.

drcab

Programmer
Nov 16, 2000
32
US
As the Security Manager for my large organization, I am looking for a "Sniffer" that would track inappropriate Administrator processes (i.e., recreating accounts, accessing mailboxes, logon locations) as well as possible intrusion attempts from the inside. We utilize SMS as well as the server logs and auditing; however, we are looking for an "All in one" Package. As expected, we had an "Issue" that we are reacting to.

Thank you for your help.

dr cab
 
Depending on the kind of connections you allow to the server, a sniffer won't do you any good... If admins ssh in, your only shot is a man-in-the-middle sniffer like the one that comes with ettercap, but that only works on ssh1...

A better bet would be something like logwatch, and setting up logging to a secure remote system.

Check out what the honeynet project is doing... They have the best logging out there, and you can get some of their source (like the bash shell that logs commands to a remote system).
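
A logwatch-style check for the log-review approach suggested in the reply above, as an added example that is not part of the original thread: it scans syslog text for admin logons from outside expected networks and for accounts that are deleted and then recreated. The admin names, allowed network and log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example: which accounts count as admins and which
# networks they are expected to log on from.
ADMIN_USERS = {"root", "admin"}
ALLOWED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample lines in OpenSSH / shadow-utils syslog style.
SAMPLE_LOG = """\
Nov 16 10:02:11 srv1 sshd[1234]: Accepted password for root from 10.0.5.23 port 51515 ssh2
Nov 16 10:04:02 srv1 userdel[2301]: delete user 'jsmith'
Nov 16 10:05:40 srv1 useradd[2345]: new user: name=jsmith, UID=1002, GID=1002, home=/home/jsmith, shell=/bin/bash
Nov 16 23:41:09 srv1 sshd[3456]: Accepted publickey for admin from 192.168.77.9 port 40022 ssh2
Nov 16 23:50:00 srv1 sshd[3460]: Accepted password for bob from 192.168.77.9 port 40100 ssh2
"""

LOGIN = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")
DELETE = re.compile(r"userdel\[\d+\]: delete user '([^']+)'")
CREATE = re.compile(r"useradd\[\d+\]: new user: name=([^,\s]+)")


def review(log_text):
    """Return (kind, detail, line) findings for suspicious admin activity."""
    findings = []
    deleted = set()  # account names removed earlier in this log
    for line in log_text.splitlines():
        if m := LOGIN.search(line):
            user, src = m.groups()
            try:
                addr = ipaddress.ip_address(src)
            except ValueError:
                # sshd may log a hostname instead of an address; surface it.
                findings.append(("unparsed-source", f"{user}@{src}", line))
                continue
            if user in ADMIN_USERS and not any(addr in n for n in ALLOWED_NETS):
                findings.append(("admin-logon-location", f"{user}@{src}", line))
        elif m := DELETE.search(line):
            deleted.add(m.group(1))
        elif m := CREATE.search(line):
            if m.group(1) in deleted:
                findings.append(("account-recreated", m.group(1), line))
    return findings


if __name__ == "__main__":
    for kind, detail, line in review(SAMPLE_LOG):
        print(f"{kind:22} {detail:24} {line}")
```

Run it on the remote log host rather than on the monitored server, so an administrator on the server cannot edit the evidence it reads.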
 