Network Monitor?

kwmarc (Limp Gawd, joined Aug 26, 2003, 204 messages)
I am currently in the process of finalizing my Snort install. However, the boss has come to me and he does want the IDS for detecting alerts, but he also needs to be able to view packets that users are sending out, where they are going. Snort, I'm sure, can log all packets from the broadcast on the hub that it will be sitting off of, but I want to know if there is any program that can organize these packets by computer name/IP address with a nice GUI. Is there a program that will do this? Snort is going to be good for detecting alerts, but we need to be able to see all the traffic for a particular user.
 
You can use MySQL as a backend storage for Snort's alerts, and then use BASE here to get the data from it, in a nice clean fashion. BASE is based (lol) on ACID, which seems to have stopped being developed.
 
Are you talking about outbound (internet) connections/packets that he wants to see?

Are you using hubs or switches in your network?

How many internet connections do you have, and what type are they / what device is (or devices are) handling the internet connection?
 
I have Snort detecting all the alerts through ACID (BASE now that I upgraded), but I want to see each user's packets, ALL of the packets, basically to see where they are going on the internet. Snort only logs alerts through BASE, and if I can tell Snort to log all packets I don't know how. If anyone could help me with that it would be appreciated; otherwise I'm gonna take a look at this ntop thing.
 
I think you should just take a look at ntop. Really, I actually need to get ACID (or BASE, I guess) running in my own setup here at work because snortalog isn't cutting it for analysis. But ntop is exactly the thing you are looking for. Snort is an IDS. ntop is a network monitor. ntop will show you stats for every packet to or from a host on your LAN: see how much a host downloaded, how much they uploaded, who they are connecting to on the outside, what ports they are connecting on, what type of traffic is going through your LAN, what times of day the traffic goes through, how many packets were sent/received, how many bytes... I could go on endlessly.

If you don't want to jump into an install, then at least start reading the few bits of documentation there are and look at some screenshots. You should be able to get an idea from those whether this is for you or not.
 
kwmarc said:
I have Snort detecting all the alerts through ACID (BASE now that I upgraded), but I want to see each user's packets, ALL of the packets, basically to see where they are going on the internet. Snort only logs alerts through BASE, and if I can tell Snort to log all packets I don't know how. If anyone could help me with that it would be appreciated; otherwise I'm gonna take a look at this ntop thing.
Well, Snort as an IDS only grabs packets that meet the ruleset. If you want to log all traffic, well, you'd better have a lot of space, and be ready to maybe even weekly delete old logs to make room for new ones (maybe even more often, depending on how much traffic you will be seeing). The main reason why projects like Snort are made is so you don't log everything, because that takes a lot of space.
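The per-host view the thread is after (what ntop gives you, or what you would want out of a full packet log), as an added example that is not from this thread or from the Snort/ntop projects: a small parser that reads a tcpdump-format (libpcap) capture and tallies, for each LAN host, bytes out, bytes in and the external address/port pairs it talked to. It handles both pcap byte orders but only IPv4 over Ethernet; the 192.168.1.0/24 subnet and the three-frame sample capture are constructed assumptions.

```python
import struct
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed local subnet; adjust to yours

def build_frame(src, dst, sport, dport, payload_len):
    """Constructed sample data: a minimal Ethernet/IPv4/TCP frame."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * payload_len

def build_pcap(frames):
    """Constructed sample data: wrap frames in a libpcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
    return out

def summarize(pcap_bytes):
    """Per-LAN-host view: bytes out/in and the external (address, port) pairs talked to."""
    end = "<" if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # writer's byte order
    hosts = defaultdict(lambda: {"bytes_out": 0, "bytes_in": 0, "remote": set()})
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # only IPv4 over Ethernet is handled
        ihl = (frame[14] & 0x0F) * 4
        src, dst = ip_address(frame[26:30]), ip_address(frame[30:34])
        sport = dport = None
        if frame[23] in (6, 17) and len(frame) >= 18 + ihl:   # TCP or UDP: read ports
            sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        if src in LAN and dst not in LAN:       # outbound from a LAN host
            local, remote, port, key = src, dst, dport, "bytes_out"
        elif dst in LAN and src not in LAN:     # reply coming back in
            local, remote, port, key = dst, src, sport, "bytes_in"
        else:
            continue                            # LAN-to-LAN or transit: not a user's egress
        hosts[str(local)][key] += caplen
        hosts[str(local)]["remote"].add((str(remote), port))
    return dict(hosts)
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.10", "203.0.113.5", 40000, 80, 100),
    build_frame("203.0.113.5", "192.168.1.10", 80, 40000, 500),
    build_frame("192.168.1.20", "198.51.100.7", 50000, 443, 60),
])
```

Point `summarize` at the bytes of a real capture file (for example one written by tcpdump) and the result is keyed by LAN host, which is the per-user breakdown the first post asks for.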
 