On Tue, Oct 08, 2002 at 02:32:09PM +0000, [EMAIL PROTECTED] wrote:
> Newbie to the World of TCPDUMP.
>
> My question being ....
> Does anyone log ALL IP Headers IN+OUT of there Networks ?
> Should we be doing this ? Is it a good idea to take this approach ?
> Any ideas suggestions would be appreciated.
>
hello couterping,
The requirement to log all the data or not depends on your requirement. If you want to
look at the complete transmissions for forensics etc., I guess it might be needed that
you log the entire traffic, though this can be very expensive. So if there are
particular kind of services you are looking at to do forensics on it is better you log
the traffic for that alone. You can do that by specifying rules in tcpdump.
hth
phani
