Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Network Forensic Suites

from [Chris Reining] Network Security [Permanent Link]
Subject: Re: Network Forensic Suites
Date: Wed, 8 Dec 2004 21:13:16 -0600 
Andy,
I would like to recommend Sguil[0]. It is an open source Network
Security Monitoring framework. Sguil's main component is an intuitive
GUI that provides realtime events from Snort/Barnyard. The other
components collect full packet captures from the network and keep track
of IP transactions allowing the analyst to easily retrieve, for example,
a complete TCP session of the event.

More information about Sguil and NSM in general can be found in the book
"The Tao of NSM" [1]. Chapter 10 [2] gives nice insight into using
Sguil.

--
Chris Reining, GCFW, GCIA
creining@packetfu.org
http://packetfu.org

[0] http://sguil.net
[1] http://www.amazon.com/exec/obidos/ASIN/0321246772
[2] http://www.informit.com/articles/article.asp?p=350390


Hi KC,
Agreed, they are all great products but I'm looking for products that can
capture every packet on huge pipes, analyse those packets, store them
locally allow them to be viewed remotely or even store remotely.  Present
the data in the manner they were intended, extract meta data.  Ideally

apply

priorities over which streams should be kept the longest  etc etc.  I know

I

should have been more specific in my original post.  Hindsight is a
wonderful thing.  I based the criteria around Greg Shipley's review on

such

products.


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Network Forensic Suites, Jimmy R.
Next by Date:  RE: Network Forensic Suites, Watkins Capt Timothy J
Previous by Thread:  Re: Network Forensic Suites, Jimmy R.
Next by Thread:  RE: Network Forensic Suites, Watkins Capt Timothy J
Indexes:  [Date] [Thread] [Top] [All Lists]