09-08-2002   #10
DigitalMDX
Digital Stumbler
 
Join Date: Jul 2002
Location: Pacific Northwest
Posts: 236
Re: Differences in AirSnare and NSSpyglass

Quote:
Originally posted by Grey Wolf
If I have a MAC address set up to watch, I seem to see all activity from the address, but nothing to it.
Yes, this is true... This is an intrusion detection program, not a machine monitor program. We are concerned with where the unfriendly MAC address is going and what he is up to, not really with what his buddy is replying back to him with AOL instant messenger. This could change, however it would be more burden on the program to track this also.
Quote:
Any chance you could add a feature to watch an address, or better yet, an option to watch all activity between two addresses?
Hmmm... would you accept putting AirSnare into one of two modes? Like, AirSnare mode... would work the way it does now, watches for ALL unfriendly MAC addresses, and AirMonitor mode, where it would watch the activity to and from a SINGLE MAC address? I might be able to do something like that...
Quote:
Thanks for giving us the logging feature, but I was thinking of the program automatically writing to the log file.
OK, I can do this, but if you're not around and this thing is running over the weekend it could fill up fast. Do you want a limit on the log size also? Also, I will consider the ability to save the log to a different directory.
Quote:
Also this seems like a great program to set up to call another like you did for NSSpyglass...<edited> like an X-10 light
That could be done, but the problem is *what* do you trigger the event on? This isn't looking for a specific packet (like the NetStumbler detection), it's looking at everything within a TCP and UDP packet, the event would be firing constantly.
Quote:
Also I miss the DHCP feature from NSSpyglass...
It shows DHCP requests for all unfriendly MAC addresses... do you want 1) to show ALL DHCP requests from both friendly and unfriendly? or 2) option to sound a WAV file on a DHCP request and if so from who? Friendly or unfriendly?
Quote:
I'm looking for a utility that will let me look into the *Normal* background activity that is always going on... ... ... My guess is I'm more likely to be hit with a trojan or a backdoor, than an unauthorized machine on my network.
Any good antivirus program will protect you from this, just make sure the autoupdate is working and you should be fine.
Quote:
As to the trusted list, any way that it could be modified so that it included a time period, So that Machine 1 was trusted between 8:00 am to 12:01PM but not from 12:02 to 12:58pm and was again trusted from 1:00<snip>
Wow... could you explain why? Even if nobody is on that machine and it is just sitting there without ANY visible programs running there will still be network traffic to and from that machine, this is normal. This would also trigger an alert if it was 'untrusted'.
Wow... this was long... let me know what you think and I'll see what I can do...
Thanks,
Jay

Last edited by DigitalMDX : 09-08-2002 at 03:33 PM.
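Added example, not part of the original post and not AirSnare code: a sketch of the time-windowed trusted list requested in the thread, combined with a per-MAC alert cooldown so that normal background traffic from a host outside its window does not fire the event on every frame. All MAC addresses, the afternoon window end, the frame tuples and the function names are constructed assumptions.

```python
from datetime import datetime, time, timedelta

# Constructed trusted list: MAC -> windows in which its frames are friendly.
TRUSTED = {
    "00:11:22:33:44:55": [(time(8, 0), time(12, 1)), (time(13, 0), time(17, 0))],
    "00:aa:bb:cc:dd:ee": [(time(0, 0), time(23, 59, 59))],
}

def is_trusted(mac, when, trusted=TRUSTED):
    """True if the MAC is inside one of its trusted windows at `when`."""
    windows = trusted.get(mac.lower(), [])
    return any(start <= when.time() <= end for start, end in windows)

def detect(frames, cooldown=timedelta(minutes=5), trusted=TRUSTED):
    """Return at most one alert per untrusted source MAC per cooldown period.

    frames: (timestamp, src_mac, dst_mac) tuples sorted by time. Only the
    source MAC is checked, matching the from-only behaviour in the post.
    """
    last_alert, alerts = {}, []
    for ts, src, dst in frames:
        src = src.lower()
        if is_trusted(src, ts, trusted):
            continue
        prev = last_alert.get(src)
        if prev is None or ts - prev >= cooldown:
            alerts.append((ts, src, dst))
            last_alert[src] = ts
    return alerts

def sample_frames():
    """Constructed capture: one frame per host per minute for 20 minutes."""
    t0 = datetime(2002, 9, 8, 11, 55)
    frames = []
    for i in range(20):
        ts = t0 + timedelta(minutes=i)
        frames.append((ts, "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"))  # windowed
        frames.append((ts, "00:aa:bb:cc:dd:ee", "00:11:22:33:44:55"))  # always on
    # One frame from a MAC that is not on the list at all.
    frames.append((t0 + timedelta(minutes=3), "DE:AD:BE:EF:00:01", "00:aa:bb:cc:dd:ee"))
    return sorted(frames)

if __name__ == "__main__":
    for ts, src, dst in detect(sample_frames()):
        print(ts.isoformat(), "ALERT untrusted source", src, "->", dst)
```

Setting `cooldown=timedelta(0)` reproduces the constant firing the reply warns about: every background frame sent after 12:01 by the windowed host becomes its own alert.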