Protocol Analyzers
The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across the network. The software that performs the operation is called either an analyzer or a sniffer.
Sniffers are readily available on the Internet. These tools were initially intended for legitimate network-monitoring purposes, but they can also be used to gather data for illegal purposes.
IM traffic, for example, uses the Internet and is susceptible to packet-sniffing activities.
Any information contained in an IM session is potentially vulnerable to interception. Make sure that users understand that sensitive information should not be sent using this method.
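The following Python example is added here for illustration and is not part of the original text. It decodes one Ethernet/IPv4/TCP frame the way an analyzer does and shows that an unencrypted message body is directly readable; the frame, addresses, ports and message are constructed sample data, and the function names are hypothetical.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP frame (sample data, not a real capture)."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    # Ports 49152 -> 5000 are arbitrary; checksums are left at 0 for brevity.
    tcp = struct.pack("!HHIIBBHHH", 49152, 5000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return eth + ip + tcp + payload

def analyze(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP the way a protocol analyzer does."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]               # drop any link-layer padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4         # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        raise ValueError("malformed TCP header")
    payload = tcp[data_off:]
    return {
        "src": ".".join(map(str, ip[12:16])), "sport": sport,
        "dst": ".".join(map(str, ip[16:20])), "dport": dport,
        "payload": payload,
        # Printable rendering: what a human sees in the analyzer's data pane.
        "text": "".join(chr(b) if 32 <= b < 127 else "." for b in payload),
    }

if __name__ == "__main__":
    # Constructed message standing in for an unencrypted IM line.
    info = analyze(build_frame(b"alice: the door code is 4321\n"))
    print(f'{info["src"]}:{info["sport"]} -> {info["dst"]}:{info["dport"]}')
    print(info["text"])
```

If the same message were carried inside an encrypted session, the decoded payload would be ciphertext and the text rendering would show nothing readable.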
One of the best-known tools for analyzing network traffic in real time is Snort (www.snort.org).
Installing Snort in Linux
The de facto standard for intrusion detection in Linux is Snort. To install the package on an openSUSE server, follow these steps:
- Log in as root and start YaST.
- Choose Software and then Install and Remove Software. Search for
- Check the box when the package appears.
- Click Accept. If any dependency messages appear, click Continue to add them as well.
- Swap CDs as prompted, and exit YaST upon completion.
To use the Snort utility, open a terminal session and type snort. This generates an error message that lists all of the options that you can use with this utility.