1

What types of information are commonly logged with Network Intrusion Detectors?

view story
linux-howto

http://serverfault.com – I've only found generic descriptions that have sensors capture network traffic and analyzes the content of the individual packets for malicious traffic. What I want to know is specifically what kind of information is logged from the network traffic and packets and how the system would know it is malicious. Any tips/guidance would be greatly appreciated! Thanks!! (HowTos)

xskl's picture
Submitted by xskl on 01/23/2013

Stories similar to What types of information are commonly logged with Network Intrusion Detectors?

Hi everybody

I am happy to present to you my SniffDroid Widget on rooted phone. It's a network sniffer.

If you're a geek or just curious about what is happening on your WIFI or 3G connection, you can start a network traffic capture with only one click and surf on your other applications at the same time.

Hi everybody

I am happy to present to you my SniffDroid Widget on rooted phone. It's a network sniffer. :)

If you're a geek or just curious about what is happening on your WIFI or 3G connection, you can start a network traffic capture with only one click and surf on your other applications at the same time.

i hope someone can help me out with somewhat simple task. I'm trying to redirect a client in my router through my desktop PC, so i can dump the traffic and analyze it (its potential source of poisoning the network with malicious packets). However i don't have a second NIC on my hands and i was hoping i can redirect all the traffic from that IP through my PC.

I've got a cheap VPS running Ubuntu 12.04 that I sometimes proxy web traffic through via SSH when I don't trust the network I'm on. I'd like to have a closer look at some of that traffic on occasion.

I want to diagnose some problems on my Wi-Fi network. I would like to capture the communication between an 802.11N client and an 802.11N access point. I have a lenovo ThinkPad T61p laptop with an IWL4965N chipset that runs Fedora 11 and that I want to use as a monitoring device. I can connect to the 802.11N access point with the lenovo laptop and get to the Internet.

I’m trying to improve my TCP throughput over a “gigabit network with lots of connections and high traffic of small packets”. My server OS is Ubuntu 11.10 Server 64bit.

There are about 50.000 (and growing) clients connected to my server through TCP Sockets (all on the same port).

95% of of my packets have size of 1-150 bytes (TCP header and payload).

I'm stuck on problem where my machine started to drops packets with no sign of ANY system load or high interrupt usage after an upgrade to Ubuntu 12.04. My server is a network monitoring sensor, running Ubuntu LTS 12.04, it passively collects packets from 5 interfaces network intrusion type stuff.

In the network we have a few vlans but at the moment I was investigating vlan2 which carries the most traffic. When tcpdumping on the eth0.2 interface, I see a lot of packets arriving which are not addressed to, nor coming from the server.

At this point, I am more interested in the research of it rather than deployment, since obviously I don't have enough expertise. In short, what I am trying to achieve is assemble dedicated hardware that would process possibly millions of pps and dropping any packets I do not wish to go through the network.