Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Packet Payload

from [griffkc] Network Security [Permanent Link]
Subject: Re: Packet Payload
Date: Thu, 31 Aug 2006 09:02:28 +0000 
I've actually put a pilot like this together. My thoghts - don't bother. What 
ever you gain from the very few times you will actually need it will be 
completely overshadowed by the amount of care and feeding it will take to keep 
it going. You're going to need a heck of a lot more than 1TB of storage for one 
month. I ran on a gig segment at 30 percent saturation. I filled a TB every 
other day. And let's not forget it's not just about storage, but retrieval and 
analysis also.
Sent via BlackBerry from T-Mobile  

-----Original Message-----
From: "Robert D. Holtz - Lists" <robert.d.holtz@gmail.com>
Date: Wed, 30 Aug 2006 10:35:35 
To:"'Security'" <security@hudakville.com>
Cc:<pen-test@securityfocus.com>
Subject: RE: Packet Payload

If a person is dead set on capturing all of the data going in and out of a
given network you could put together a system for this relatively cheaply.

One could have an AMD Athlon system, 1TB of drive space, a couple of GB of
RAM, and running a *nix variant for around $1,000.00USD or so.  This system
could keep up with fair amount of traffic pretty easily (< OC3) and has
enough storage for months of traffic.

-----Original Message-----
From: Security [mailto:security@hudakville.com] 
Sent: Wednesday, August 30, 2006 9:34 AM
Cc: pen-test@securityfocus.com
Subject: Re: Packet Payload

Like all the other posters have stated, its a good resource to have
forensically if you have the disk space.  I few years ago I set up a
Shadow IDS (http://www.nswc.navy.mil/ISSEC/CID/) and tcpdump on my
external network to capture traffic.  I used some creative filtering and
custom scripts and was able to keep about two months of full traffic
captures to around 40 GB compressed.  This was on 2 T-3 (not fully
utilized of course).

In my filtering, I believe I captured full packets of everything except
HTTP/HTTPS/SMTP traffic.  For that, I just captured the SYN and SYN/ACK
packet.  This cuts down on what you want to do, but saves alot of space.

Tyler

xelerated wrote:

Im posrting this to the pen-test group, rather than firewall or IDS
because it covers many areas.

...


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Core Impact Vs Manual Pen Test, jackal_pf0
Next by Date:  transparent NTLM authentication, port-scan
Previous by Thread:  RE: Packet Payload, Robert D. Holtz - Lists
Next by Thread:  Re: Packet Payload, Ariel Waissbein
Indexes:  [Date] [Thread] [Top] [All Lists]