Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Packet Payload

from [Mike Klingler] Network Security [Permanent Link]
Subject: Re: Packet Payload
Date: Wed, 30 Aug 2006 08:30:00 -0500 
I agree that capturing packet data can be truly useful in determining what
is occuring on a network.  However, most of the data that a full time packet
data capture would be useless.  I would suggest that you implement a system
which would allow you to easily specify which packets that you want to
capture the data from and allow access to observe the content.  That would
forgo the SAN requirement and still allow you to get the access to the
datathat you need.

The one disadvantage to not having a constantly running packet data capture
would be the inability to review the packet content of packets that you
weren't expecting.  That is probaly where the juciest data is.  That being
said a system could be put together whereby only packet data not on a
whitelist is captured.  That would allow you to systematically eliminate
known chatty services or servers that produce a ton of useless data (IPsec,
DNS, NTP for example) that would limit the ammount of data while still
preserving the unexpected data content.


--
Michael Klingler, CISSP
SecurityMetrics Penetration Tester

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Packet Payload, Joey Peloquin
Next by Date:  Re: Packet Payload, Security
Previous by Thread:  RE: Packet Payload, Javier Romero
Next by Thread:  Re: Packet Payload, David J. Bianco
Indexes:  [Date] [Thread] [Top] [All Lists]