> Just curious... why would you want to do that? Chances are you won't be
> running the sniffer 100% of the time... Why not put the code on all your
Actually, the idea would be to run it all the time and delete the logs
when they hit a certain age. There are some very specialized sniffers
that only log the first n bytes of TCP connections to certain ports.
These can be used 24/7 in a typical ISP without need for multi-GB raid
arrays for storage. This way, if you are the target of some hacker
activity, you would have pretty good log data to A) help track them down,
B) hand to the FBI.
I'm somewhat involved in a case where exactly this sort of thing is
happening, and the FBI is involved.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______