Re: IPHeader and Payload

  • From: "cismic" <cismic@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 2 May 2004 09:57:27 -0700

Hi Mike,

The IP header for the packet filter log is comprised of HEX, as you can see 
when looking at the logs.
I have some import scripts located out on the http://isatools.org site, listed 
under joe cismic. Not sure how
Jim came up with that name!  It would have been better to be Joe Marine or my 
real name, of course.
But, him being of retired Navy caliber....<grin>

Well, that said.  Yes, I have some SQL tools that I'm working on that read the 
payload of the packet filter logs 
and make analysis of those somewhat similar to Snort.  Snort is a tool that 
you use to assist with intrusion detection and
is available at http://www.snort.org

My scripts were to get the data into an SQL database for further analysis.  If 
anyone has used them, please drop me
some feedback before I post the rest of my SQL tools.

Thank you,

Joseph
  ----- Original Message ----- 
  From: Mike Malter 
  To: [ISAserver.org Discussion List] 
  Sent: Sunday, May 02, 2004 9:50 AM
  Subject: [isalist] IPHeader and Payload


  I am starting to get interested in becoming more adept at reading ISA Logs 
and am looking for general documentation on what the logs are and what each 
individual metric means.

   

  Of particular interest is the IPHeader and Payload sections of the packet 
filter log.  Is there a tool somewhere that I can build/get that can show me 
what is in there?

   

  Thanks.

   

  Mike Malter

  (415) 479-1968 Office

  (415) 309-4637 Mobile

  (415) 462-2941 FAX

   

