You could also use Mason to do this. Mason will build a IPFWADM
ruleset based upon your network traffic. Once you have your
rulesets, you can reverse engineer them and see what traffic
had occured.
--David
>Ok, on an *inside*/dept firewall, if you want to get a blueprint
>for lack of a better word, of what is the existing traffic how would
>you suggest going about doing this?
>
>My thoughts -- Install ipfwadm or ipchains will default of accept all
>for I O and F. Then turn on auditing for just about every tcp and udp
>port separately -- Basically a rule for each port # so as to map out
>the traffic patterns on what is going on and then discuss with the
>departments what they have going, why, and present a more realistic
>firewall plan.
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
