Traffic Profiling
twebster at blackhillscorp.com
Thu Feb 1 13:29:15 EST 2007
I am currently in the process of an internal firewall implementation. I
will be implementing firewalls on all of our internal server networks. I
find the most difficult part of this project is simple "data management":
how do I easily create server/port documentation so that I can correctly
write firewall rules for each and every server? I need to know the
source/destination IP address and destination port/protocol for every
server. Since we do not currently have one central repository documenting
every server, I am going to need to perform network reconnaissance and
traffic analysis on each network.
To begin this process, I intend to use our current Argus archive to
profile traffic to/from our server network. I need to develop a method to
query Argus for each individual IP address that is currently in use and
document the port/protocol utilization for each address.
Now, we are using Argus 3.0 and I have written several useful queries that
give me the information I need, e.g. saddr, daddr, dport, bytes. The
problem I face is how to make this "easier". Do I need to script and
automate some of these queries? Should I export this data into a database
for other types of queries?
I guess the questions I have include:
1. Knowing that others have used Argus to profile networks, what methods
work? Did you develop any scripts to automate the process?
2. Are there current methods for importing Argus results into a database?
3. Also, is XML an option? Does raxml still exist for Argus 3?
4. Any additional suggestions on how to go about managing the documentation
and organization of this data?
Thank you for any help and suggestions,
Tony
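One way to automate the per-server port/protocol profiling and the database import asked about above, as an added example that is not from the original post or the Argus project: flow records exported from the Argus archive are loaded into SQLite and summarised per destination server so that allow-list rules can be documented from observed traffic. The CSV field order, the `ra -s ... -c ,` invocation in the comment, the 10.2.0.0/24 server subnet and the sample rows are all constructed assumptions; check ra(1) for the exact output options on your installation.

```python
import csv
import io
import ipaddress
import sqlite3

# Constructed sample of what an export such as
#   ra -r <argus archive> -s saddr daddr proto dport bytes -c ,
# might print (field order and the -c separator are assumptions, not verified
# against a live Argus 3.0 install).
SAMPLE_RA_CSV = """\
10.1.0.5,10.2.0.10,tcp,443,120000
10.1.0.6,10.2.0.10,tcp,443,80000
10.1.0.5,10.2.0.10,tcp,22,4000
10.1.0.7,10.2.0.11,udp,53,900
10.2.0.10,8.8.8.8,udp,53,300
"""

SERVER_NET = ipaddress.ip_network("10.2.0.0/24")  # constructed server subnet


def load_flows(ra_csv, db_path=":memory:"):
    """Load ra CSV rows into SQLite, keeping only flows destined to a server."""
    db = sqlite3.connect(db_path)
    db.execute("CREATE TABLE IF NOT EXISTS flows "
               "(saddr TEXT, daddr TEXT, proto TEXT, dport INTEGER, bytes INTEGER)")
    for saddr, daddr, proto, dport, nbytes in csv.reader(io.StringIO(ra_csv)):
        if ipaddress.ip_address(daddr) in SERVER_NET:  # outbound flows are dropped
            db.execute("INSERT INTO flows VALUES (?,?,?,?,?)",
                       (saddr, daddr, proto, int(dport), int(nbytes)))
    db.commit()
    return db


def server_profile(db, daddr):
    """Per-server inventory: (proto, dport, sorted distinct sources, total bytes)."""
    rows = db.execute(
        "SELECT proto, dport, GROUP_CONCAT(DISTINCT saddr), SUM(bytes) FROM flows "
        "WHERE daddr=? GROUP BY proto, dport ORDER BY proto, dport", (daddr,)).fetchall()
    return [(p, d, sorted(s.split(",")), b) for p, d, s, b in rows]


def rule_doc(db, daddr):
    """Human-readable allow-list documentation derived from observed traffic."""
    return ["allow %s/%d to %s from %s" % (p, d, daddr, ", ".join(s))
            for p, d, s, _ in server_profile(db, daddr)]


if __name__ == "__main__":
    db = load_flows(SAMPLE_RA_CSV)
    for server in ("10.2.0.10", "10.2.0.11"):
        print("\n".join(rule_doc(db, server)))
```

Each server's section of `rule_doc` is the inventory to review before writing its rules; anything the archive never showed is simply absent, so a quiet service still needs a manual check.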