[plug] Network Monitoring

[tcleary2 at csc.com.au]

>So maybe MNM does more than volume analysis?

MNM is basically a sniffer with a GUI - so you can estimate volumes etc. 
on screen, from the chart.

It used to be that it came as standard in a crippled form on servers ( 
i.e. you could only see traffic to your own machine ) for "diagnostic" 
purposes.

The version that came with the resource kit was promiscuous.

However, these days I think it's become a standard feature.

But all the options mentioned are just variations on a theme - sniffers.

For instance, if you run snort without a config. file defined, it just 
runs as a sniffer.

Tcpdump, ethereal, ettercap, etherape, whatever - it's what you do with 
the packets that is the distinguishing factor, not capturing them.

My take is that without understanding what you're seeing, it doesn't 
matter whether there's a pretty screen or screenloads of hexes.....

Of course, having snort pre-digest them for you makes life easier - if you 
trust the guys who write the signatures.

My $.02

Regards,

tom.

----------------------------------------------------------------------------------------
Tom Cleary - Security Architect

CSC Perth

"In IT, acceptable solutions depend upon humans - Computers don't 
negotiate."
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. NOTE: Regardless of content, this e-mail shall not operate to 
bind CSC to any order or other contract unless pursuant to explicit 
written agreement or government initiative expressly permitting the use of 
e-mail for such purpose.
----------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20041007/1f55d3b7/attachment.html>