Here's what I would recommend. Install snort, and
then the Resource Kit utility 'soon.exe' (is there a
'now.exe'?). When you suspect something is going on,
you can submit an AT command to the system to run a
batch file for snort w/ the correct command line
switches (so you won't have to memorize them).

Carv

--- "Wangler, Dan" <dwanglerTI.COM> wrote:
> Listeners
>
> I am trying to find a way to turn packet sniffing on
> from an NT and/or W2K
> Server whenever I think something suspicious may be
> happening, be it
> intruder or misuse. I have a service running that
> monitors certain
> activity. Since netmon is distributed with NT and
> W2K servers, is there a
> way to turn on netmon and direct the output to a
> file without bringing up
> the GUI? I do not want to have to install another
> package is it is not
> necessary.
>
> Thanks
>
> Dan Wangler
> Security Engineering and Development
> IT Security Team
> Texas Instruments, Inc.
>

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]