Showing posts with label wireshark. Show all posts

Wednesday, November 25, 2009

Tripwire, Magicnotes, and Smartpackets

Tripwire came up on one of my Wireshark reports.

"Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner" (Ubuntu Geek, 2008).

As indicated by the IANA Port Numbers report (2009), port 3023 TCP and UDP is for Magicnotes, port 1169 TCP and UDP is used for Tripwire, and port 3218 TCP and UDP is reserved for EMC smartpackets (IANA, 2009).
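
A port name in a capture report comes from the registry mapping alone, so it helps to check which side of the connection actually used the port. The following is an added example, not part of the original post: it assumes TCP segments have already been exported as tuples, and the sample segments and addresses are constructed.

```python
# IANA names for the three ports the post lists (values from the post).
IANA_NAMES = {1169: "tripwire", 3023: "magicnotes", 3218: "smartpackets"}

# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, tcp_flags).
SAMPLE_SEGMENTS = [
    ("192.0.2.10", 1169, "198.51.100.20", 80, "SYN"),
    ("198.51.100.20", 80, "192.0.2.10", 1169, "SYN-ACK"),
    ("192.0.2.11", 40112, "192.0.2.30", 3218, "SYN"),
    ("192.0.2.30", 3218, "192.0.2.11", 40112, "SYN-ACK"),
    ("192.0.2.12", 3023, "198.51.100.21", 443, "ACK"),  # mid-stream, no handshake
]


def classify_named_ports(segments, names=IANA_NAMES):
    """Map each named port seen to 'service', 'client-side' or 'undetermined'.

    'service'      : a host answered a SYN from that port (it sent the SYN-ACK)
    'client-side'  : the port only appears as a connection initiator's source port
    'undetermined' : no handshake involving the port was captured
    Simplification: ports are tracked globally, not per host.
    """
    servers, clients, seen = set(), set(), set()
    for _src_ip, sport, _dst_ip, dport, flags in segments:
        seen.update(p for p in (sport, dport) if p in names)
        if flags == "SYN-ACK":
            servers.add(sport)   # responder's port is the listening service
        elif flags == "SYN":
            clients.add(sport)   # initiator's source port is ephemeral
    verdicts = {}
    for port in sorted(seen):
        if port in servers:
            verdicts[port] = "service"
        elif port in clients:
            verdicts[port] = "client-side"
        else:
            verdicts[port] = "undetermined"
    return verdicts


if __name__ == "__main__":
    for port, verdict in classify_named_ports(SAMPLE_SEGMENTS).items():
        print(f"{port}/tcp ({IANA_NAMES[port]}): {verdict}")
```

A "client-side" verdict means the registered name is incidental: the port was only a temporary source port for an outbound connection to some other service.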


References

(April 23, 2008). Ubuntu Geek. List of security tools available in Ubuntu. Retrieved on November 25, 2009 from http://www.ubuntugeek.com/list-of-security-tools-available-in-ubuntu.html

(November 25, 2009). IANA. Port numbers. Retrieved on November 25, 2009 from http://www.iana.org/assignments/port-numbers

Wednesday, October 7, 2009

Protecting Your Network: Sniffing

When sniffing your network you need to be able to recognize the "captures".

In Wireshark's Wiki, sample captures are listed so that you can recognize:
  • Crack Traces
  • Viruses
  • Protocol Traffic
  • Wifi
It is also important to be able to recognize the varying methods of attack. Wikipedia explains a number of attacks and also gives some prevention tips.