I knew I liked Jim, but didn't know why - as soon as you mentioned Navy; now it makes sense ;)

I'll go ahead and check out the links.

Thanks a lot.

Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX

_____

From: cismic [mailto:cismic@xxxxxxx]
Sent: Sunday, May 02, 2004 9:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: IPHeader and Payload

http://www.ISAserver.org

Hi Mike,

The IP header for the packet filter log is comprised of HEX, as you can see when looking at the logs. I have some import scripts located out on the http://isatools.org site, listed under joe cismic. Not sure how Jim came up with that name! It would have been better to be Joe Marine or my real name of course. But, him being of retired Navy caliber....<grin>

Well, that said. Yes, I have some SQL tools that I'm working on that read the payload of the packet filter logs and make analysis of those somewhat similar to Snort. Snort is a tool that you use to assist with intrusion detection and is available at http://www.snort.org

My scripts were to get the data into an SQL database for further analysis. If anyone has used them, please drop me some feedback before I post the rest of my SQL tools.

Thank you,
Joseph

----- Original Message -----
From: Mike Malter <mailto:mike@xxxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
Sent: Sunday, May 02, 2004 9:50 AM
Subject: [isalist] IPHeader and Payload

http://www.ISAserver.org

I am starting to get interested in becoming more adept at reading ISA logs and am looking for general documentation on what the logs are and what each individual metric means.

Of particular interest are the IPHeader and Payload sections of the packet filter log. Is there a tool somewhere that I can build/get that can show me what is in there?

Thanks.
Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
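
Added example, not part of the original thread and not the isatools.org scripts: a decoder for a hex-encoded IPv4 header of the kind the reply describes, following the RFC 791 field layout. It assumes the log field holds the raw header bytes written as hex digits (the thread does not give the exact field layout); the function names and the sample header are constructed for illustration.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # common IP protocol numbers

# Constructed sample (not from a real log): 20-byte IPv4 header as hex digits.
SAMPLE_HEX = "4500003c1c4640004006b1e6ac100a63ac100a0c"


def checksum_ok(header: bytes) -> bool:
    """RFC 791: the one's-complement sum of all 16-bit words must be 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_ip_header(hex_field: str) -> dict:
    """Decode a hex-encoded IPv4 header into named fields.

    Assumption: hex_field holds the raw header bytes as hex digits.
    """
    raw = bytes.fromhex(hex_field)  # raises ValueError on non-hex input
    if len(raw) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = (
        struct.unpack("!BBHHHBBH4s4s", raw[:20]))
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if not 20 <= ihl <= len(raw):
        raise ValueError(f"header length {ihl} does not fit the data")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # in bytes
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": checksum_ok(raw[:ihl]),
    }


if __name__ == "__main__":
    for name, value in decode_ip_header(SAMPLE_HEX).items():
        print(f"{name:16} {value}")
```

A header whose checksum does not verify is worth flagging during log analysis, since it points to truncation, a logging artifact, or a malformed packet.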