Here are two links:
First, the U.S. Navy's page for the project:
http://www.nswc.navy.mil/ISSEC/CID/
And a TechWeb review of the project:
http://www.techweb.com/wire/story/TWB19981008S0010
Richard Berry
LAN Engineer - Principal
"Si hoc legere scis nimium eruditionis habes."
-----Original Message-----
From: Robert Casto [mailto:robert@xxxxxxxxxxxxx]
Sent: Wednesday, March 05, 2003 9:32 AM
To: Berry, Richard
Subject: RE: Specs for monitoring a full 100Mb line

Where can I find the Shadow tool you mentioned?
Robert Casto
Tel (513) 755-2221
Cell (513) 349-5282
robert@xxxxxxxxxxxxx
http://www.cincijava.com
-----Original Message-----
From: Berry, Richard [mailto:BerryR@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, March 05, 2003 9:59 AM
To: ethereal-users@xxxxxxxxxxxx; robert@xxxxxxxxxxxxx
Subject: Re: Specs for monitoring a full 100Mb line

Actually, there's a pretty good tool out there to do what you want:
Shadow. We use it to do the captures using machines much like those that
have been described; using several data collectors, they feed their captures to a
central server once an hour. We capture only the headers, but we keep a
4-day backlog. That way, if some problem shows up, we have historical
data to review. We use the internal Shadow search, which gives us a
TCPDUMP-style report, or we can extract out and use Ethereal.
Alternately, if we need a full-packet capture, we temporarily take over
the sensors, get our capture, drop it on our machines and use Ethereal
to review.
Richard Berry
LAN Engineer - Principal
"Si hoc legere scis nimium eruditionis habes."