Re: IPHeader and Payload

  • From: "Mike Malter" <mike@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 2 May 2004 17:08:33 -0700

I knew I liked Jim, but didn't know why - as soon as you mentioned Navy;
now it makes sense ;)
 
I'll go ahead and check out the links.
 
Thanks a lot.
 
Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX
 
  _____  

From: cismic [mailto:cismic@xxxxxxx] 
Sent: Sunday, May 02, 2004 9:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: IPHeader and Payload
 
http://www.ISAserver.org
Hi Mike,
 
The IP header for the packet filter log is comprised of HEX, as you can
see when looking at the logs.
I have some import scripts located out on the http://isatools.org site,
listed under joe cismic. Not sure how
Jim came up with that name!  It would have been better to be Joe Marine
or my real name of course.
But, him being of retired Navy caliber....<grin>
 
Well, that said.  Yes, I have some SQL tools that I'm working on that
read the payload of the packet filter logs 
and make an analysis of those somewhat similar to snort.  Snort is a tool
that you use to assist with intrusion detection and
is available at http://www.snort.org
 
My scripts were to get the data into an SQL database for further
analysis.  If anyone has used them, please drop me
some feedback before I post the rest of my SQL tools.
 
Thank you,
 
Joseph
        ----- Original Message ----- 
        From: Mike Malter <mailto:mike@xxxxxxxxxxxxxx>  
        To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>  
        Sent: Sunday, May 02, 2004 9:50 AM
        Subject: [isalist] IPHeader and Payload
         
        I am starting to get interested in becoming more adept at
reading ISA Logs and am looking for general documentation on what the
logs are and what each individual metric means.
         
        Of particular interest is the IPHeader and Payload sections of
the packet filter log.  Is there a tool somewhere that I can build/get
that can show me what is in there?
         
        Thanks.
         
        Mike Malter
        (415) 479-1968 Office
        (415) 309-4637 Mobile
        (415) 462-2941 FAX
         
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: cismic@xxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 