From: Eric Hill (eric SPINS.COM)
Date: Fri Apr 27 2001 - 14:19:42 CDT
> > I am trying to find a way to turn packet sniffing on from an NT and/or W2K
> > Server whenever I think something suspicious may be happening, be it
> > intruder or misuse.
You can use the NT port of TCPDump (www.eeye.com) to get the traffic into a
file, then run it through your choice of TCPDump-aware analyzers, such as
Snort or grep.
-eric