Saturday, November 26, 2005

Three Great Session Data Articles

I just happened upon three great articles by Michael W. Lucas on collecting and analyzing session data on FreeBSD. They are:

Michael introduces several techniques and tools not mentioned in my books, like softflowd, Cflow.pm, flowscan, CUFlow, and others. Nice work! (Incidentally, I am the USENIX instructor Michael references in his last article.) :)

4 comments:

Anonymous said...

Please have a look at http://software.uninett.no/stager

About Stager

Stager is a generic tool for storage, aggregation and presentation of network statistics. Stager consist of a web application for data presentation, and a perl back-end for data storage and aggregation.

The current version of Stager include backend modules to collect and aggregate data for NetFlow, MPing and SNMP.

Anonymous said...

Please also have a look at IPAudit (http://ipaudit.sourceforge.net/).

Using a pcap interface it will produce network flow information. It has a web component called IPAudit-Web, that reads the stored data to produce reports (Read more about IPAudit here http://www.securityfocus.com/infocus/1842).

New verions of IPAudit are being worked on and include features such as client/server capability and enhanced reporting geared towards detecting security events.

mmk said...

Mr. Bejtlich,
is this possible to make and maintain a categorized list of packet based tools (that you have mentioned in past and now) so it will be of great help for quick reference.

Richard Bejtlich said...

mmk: I have considered creating a similar page. I thought about listing tools I use and projects I watch. If I have some free time I will consider it.