On 12 Dec 2001 at 13:33, Johnston Mark wrote:

> Hi,
> That's not what I'm after ...... the ports and IPs etc. are no problem.
> Let's say I have an anonymous ftp connection, instead of seeing only
> disallowed packets (all packets except ftp) I would like to see the
> allowed packets to that server as well (which would be the ftp in this
> case), in order to see who is connecting.

Ah, in that case you're out of luck.

However, if you do put snort on a machine inside your PIX you can log all packets for all connections that were let through. With the rules you could log just ftp packets, or just web, or whatever.

And putting a machine outside your PIX with snort you could log everything the PIX denies too. In fact putting just one outside would avoid duplicating packet dumps, but you'd need to make sure that the snort machine is locked down as your PIX won't protect it.

It's really configurable, and easy to set up once you've played with it for about 10 minutes. And it's free.

http://www.snort.org/

Dan

---
D.C. Crichton                    email: [EMAIL PROTECTED]
Senior Systems Analyst           tel: +44 (0)121 706 6000
Computer Manuals Ltd.            fax: +44 (0)121 606 0477
Computer book info on the web: http://computer-manuals.co.uk/
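
A minimal rules file for the setup described above (snort on a machine inside the PIX, logging only the allowed FTP connections), as an added example that is not part of the original message. It assumes classic Snort 1.x/2.x rule syntax; the server address, file name, interface, log directory and sid values are placeholders.

```conf
# ftp-log.rules -- constructed example, not from the original post.
# Run on the sensor inside the PIX, for instance:
#   snort -i eth0 -c ftp-log.rules -l /var/log/snort
# (eth0 and /var/log/snort are assumptions; use your own interface and path.)

# Placeholder address of the anonymous FTP server (documentation range).
var FTP_SERVER 192.0.2.10/32

# Log the first packet (SYN) of every connection to the FTP control port.
# One entry per connection attempt that the PIX let through, so the log
# shows the source address of each client without dumping whole sessions.
log tcp any any -> $FTP_SERVER 21 (msg:"FTP control connection opened"; flags:S; sid:1000001; rev:1;)

# Also log the login name each client sends, to tell anonymous logins
# from named accounts. Matches the FTP USER command on the control channel.
log tcp any any -> $FTP_SERVER 21 (msg:"FTP USER command"; content:"USER "; nocase; sid:1000002; rev:1;)
```

Because the sensor sits behind the PIX, these rules only ever see traffic the firewall permitted; the same file on a sensor outside the PIX would also record attempts the firewall goes on to deny.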
