Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Introduction to IPAudit
Paul Asadoorian

IPAudit is a handy tool that will allow you to analyze all packets entering and leaving your network. It listens to a network device in promiscuous mode, just as an IDS sensor would, and provides details on hosts, ports, and protocols. It can be used to monitor bandwidth, connection pairs, detect compromises, discover botnets, and see whos scanning your network. When compared to similar tools, such as Cisco System's Netflow it has many advantages (see the SecurityFocus articles on Netflow, part 1 and part 2). It is easier to setup than Netflow, and if you install it on your existing IDS sensors, there is no extra hardware to purchase. Since it captures traffic from a span port, it does not require that you modify the configuration of your networking equipment, or poke holes in firewalls for Netflow data.

Comments Mode:
Introduction to IPAudit 2006-02-10
Anonymous (1 replies)
I was trying out the beta version, but

could not get it to work.

how do unistall it? and install the stable version...

[ more ]  [ reply ]
Re: Introduction to IPAudit 2006-02-16
Veerendra
What were the problems that you faced with the installation.

You can uninstall it stopping the process

ps -eaf

kill sigid --the ipauditweb process.

and then remove the ipaudit folder....

[ more ]  [ reply ]
Introduction to IPAudit 2006-02-27
Anantha K (1 replies)
Hello,

I was not able to get real data on the graphs, i can see the rest of things,but i cant see the graphs, it still shows the default sample page.

what could be wrong and how to correct that. Earlier i was not able to do even the reports which issued an error, when i changed perl scripts to ...

[ more ]  [ reply ]
Re: Introduction to IPAudit 2006-03-01
Veerendra (1 replies)
Verify that GNUplot is working.

~which gnuplot - gives the location.

if this gives an error, then configure GNUplot

~gnuplot

~gnuplot>set term png

if this gives an error, then configure libpng.

~gnuplot>exit

~which png

if this gives an error, then configure libpng....

[ more ]  [ reply ]
Re: Re: Introduction to IPAudit 2006-03-03
Anantha K (1 replies)
Thanks, i was able to install the GNUPLOT now. But still i have some issues since i dont get any data on the busiest machines etc, busiest remote and local machines .

in some cases,i can see the incoming data and no outgoing data which shows zero.

Because the ipadudit is not capturing data for s...

[ more ]  [ reply ]
Re: Re: Re: Introduction to IPAudit 2006-09-15
ng1p
I had the same problem. It was becouse I was running a 64 bit linux version of perl. Go to the ipaudit forum for the full answer and fix.

http://sourceforge.net/forum/forum.php?thread_id=1570947&forum_id=59302...

[ more ]  [ reply ]
Introduction to IPAudit 2006-07-20
Anonymous
Hello, I have installed Beta of ipaudit-web Version but I don't can see graphs, and I don't can see dates, the reports that can show are in white, someone know what can I do?...

[ more ]  [ reply ]
Introduction to IPAudit (alternative for Probe one ?) 2006-07-24
Anonymous
This looks like a low-cost alternative for those people who dont't need all the extensive reporting capabilities of commercial network analyser like Probe one.

Altough it is nog clear to me if this tool is also capable of zooming into specific network segments like the probe can.

Jerry....

[ more ]  [ reply ]
Password protect IPaudit 2009-07-17
Robbie
How exactly do you password protect IPAUDIT....

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus