From: Enno Davids
To: John Angelmo
Cc: isp@FreeBSD.ORG
Date: Thu, 18 Apr 2002 00:33:02 +1000
Subject: Re: Sniffer

On Wed, Apr 17, 2002 at 04:12:09PM +0200, John Angelmo wrote:
|Hello
|
|I have a small problem.
|
|Some hosts at a campus are portsniffing or checking for unpatched
|windows boxes.
|
|I can place my little freebsd laptop on the switch and sniff.
|Are there any good tools for sniffing and getting OK reports, if they

You might have a look at 'snort'. It's actually a network IDS but it's
pretty much ideal for this sort of thing. Especially as the activity you're
interested in is essentially the same sort of thing the bad guys do anyway.

Enno.