EH-Net
Topic: Network Forensic tools/practice/techniques
charlottebandit
« on: December 31, 2008, 03:12:57 PM »

How are you guys doing?  I was wondering what kind of tools are used to investigate networks to include routers, switches, firewalls, IPSs, and other advanced security technologies?  Does this mostly consist of reading each line of syslog info?

Just how far ahead or behind are the professional tools out there for this?

MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
adamj
« Reply #1 on: January 02, 2009, 10:59:42 PM »

Hi.  There's a tool called Firewalk which may be worth checking out, and there's a tool which looks like it's designed to audit Cisco firewalls/routers called Router Audit Tool; see http://www.cisecurity.org/bench_cisco.html
jimbob
« Reply #2 on: January 06, 2009, 07:36:57 AM »

Does this mostly consist of reading each line of syslog info?
You could consider splunk for processing log files from network devices.

http://www.splunk.com/
timmedin
« Reply #3 on: February 14, 2009, 01:52:48 PM »

These systems are called SEM, SIM, or SIEM (Security [Event] [Incident] Management) systems that will correlate, monitor and alert on logs. This type of system will take logs and parse them for you and make drilling into (or detecting) an issue much easier. There is no realistic way you can monitor the tremendous amount of log data without something to help you out.

twitter.com/timmedin | http://blog.securitywhole.com
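The parse-and-correlate step timmedin describes, as an added example that is not from this thread or from any of the tools named in it: a minimal SIEM-style rule in Python that parses firewall deny messages and alerts when one source is denied to several distinct destination ports inside a short window. The log lines are constructed, their Cisco ASA-like field layout and the year 2009 are assumptions, and the switch message shows how an unmatched line is counted rather than silently dropped.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines in a Cisco ASA-like 106023 "Deny" layout plus
# one switch link message; none of this is real traffic.
SAMPLE_LOGS = """\
Jan 06 07:30:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40001 dst inside:10.0.0.12/22 by access-group "OUTSIDE_IN"
Jan 06 07:30:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40002 dst inside:10.0.0.12/23 by access-group "OUTSIDE_IN"
Jan 06 07:30:03 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40003 dst inside:10.0.0.12/445 by access-group "OUTSIDE_IN"
Jan 06 07:30:04 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40004 dst inside:10.0.0.12/3389 by access-group "OUTSIDE_IN"
Jan 06 07:30:05 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40005 dst inside:10.0.0.12/8080 by access-group "OUTSIDE_IN"
Jan 06 07:45:01 sw02 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down
"""

# Field layout assumed for the constructed lines above; real devices vary.
DENY_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) %ASA-\d-106023: "
                     r"Deny \w+ src \w+:(?P<src>[\d.]+)/\d+ dst \w+:[\d.]+/(?P<dport>\d+)")

def parse_deny(line, year=2009):
    """Parse one firewall deny line into a dict, or return None for other messages."""
    m = DENY_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies one (assumed 2009).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "src": m["src"], "dport": int(m["dport"])}

def correlate(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source is denied to `threshold` distinct ports inside `window`.
    Returns (alerts, unparsed_line_count); one alert per source per burst."""
    recent = defaultdict(deque)  # src -> (ts, dport) events still inside the window
    alerts, unparsed = [], 0
    for line in lines:
        ev = parse_deny(line)
        if ev is None:
            unparsed += 1  # a real SIEM would hand these to other parsers
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        while ev["ts"] - q[0][0] > window:
            q.popleft()  # age out events older than the window
        ports = sorted({p for _, p in q})
        if len(ports) >= threshold:
            alerts.append({"host": ev["host"], "src": ev["src"], "ports": ports,
                           "first": q[0][0], "last": ev["ts"]})
            q.clear()  # do not re-alert on the same burst
    return alerts, unparsed
```

Running `correlate(SAMPLE_LOGS.splitlines())` yields one alert for 203.0.113.5 covering five ports in four seconds and reports the switch line as the single unparsed message.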
© 2013 The Ethical Hacker Network