i need to monitor my subnets for worms and such



FoBoT
09-19-2003, 12:53 PM
so i was thinking of searching for some freeware to put on some windows servers to watch my subnets in my lab for the worms (our building corporate network continues to have reinfestations of welchia). i occasionally put some of my lab/test boxen onto the corporate network and want to make sure no infected boxen are in my private LANs (by watching the network traffic).

so one way would be to find and install a freeware program on the windows servers in those subnets, BUT then it occurred to me that putting a single linux box up, with 3 NICs (one for each subnet), should be effective. red hat 9 has many network analysis tools built in, right?

sounds more fun than the other way too! :smoking:

Dyyryath
09-19-2003, 02:44 PM
Yeah, Linux has a bunch of network sniffers and intrusion detection tools available. Snort (http://www.snort.org/) is probably the most well known. I think there is a Windows version, too, though...

Chinasaur
09-19-2003, 04:03 PM
Snort is tops. Also a lot of pre-written monitoring scripts available so you don't have to roll your own.

FoBoT
09-19-2003, 04:51 PM
thanks

i am also going to install a firewall box between my lab and the corporate network, i don't need them accusing me of being the source of anything, so i am locking it all down, i am paranoid