[plug] ethereal
tcleary2 at csc.com.au
Fri Jul 23 12:28:19 WST 2004
Marc,
You said:
>Now I know it's a packet monitoring program can someone
>please explain what the purpose apart from looking at packets it's used
>for.
You need something more? ;-)
ethereal is one of the best troubleshooting tools you can get because it
does things like permitting you to follow particular conversations from a
captured datastream by selective use of filtering/masking.
This is especially useful when some nasty person attacks you, because you
can reconstruct what the bounder did, if you can get a full packet dump in
a transportable format (i.e. pcap format).
I've found it very useful when investigating "malicious activity" of
various sorts, backing up IDS alerts.
It is pleasant to disabuse people of the notion that "In Cyberspace no one
can see your crime".
Regards,
tom.
----------------------------------------------------------------------------------------
Tom Cleary - Security Architect
CSC Perth
"In IT, acceptable solutions depend upon humans - Computers don't
negotiate."
----------------------------------------------------------------------------------------
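The conversation filtering described in the message above, as an added example (not part of the original post and not Ethereal's own code): a minimal reader for the classic pcap format that groups TCP payloads by endpoint pair and picks out the conversations involving one endpoint. The function names are hypothetical, and the sample capture (addresses, ports, payloads) is constructed.

```python
import socket
import struct
from collections import defaultdict

def frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload

def pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def conversations(data):
    """Group TCP payloads by unordered endpoint pair, in capture order."""
    magic, _, _, _, _, _, link = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or link != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    convs, off = defaultdict(list), 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4/TCP over Ethernet
        tcp_at = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) < tcp_at + 20:
            continue  # truncated TCP header
        end = 14 + struct.unpack_from("!H", pkt, 16)[0]  # IP total length
        sport, dport = struct.unpack_from("!HH", pkt, tcp_at)
        a = (socket.inet_ntoa(pkt[26:30]), sport)
        b = (socket.inet_ntoa(pkt[30:34]), dport)
        payload = pkt[tcp_at + (pkt[tcp_at + 12] >> 4) * 4:end]
        if payload:
            convs[tuple(sorted((a, b)))].append((a, payload))
    return dict(convs)

def follow(data, endpoint):
    """Filter to the conversations that involve one (ip, port) endpoint."""
    return {k: v for k, v in conversations(data).items() if endpoint in k}

SAMPLE = pcap([  # constructed capture: documentation addresses, made-up payloads
    frame("192.0.2.10", "198.51.100.5", 40000, 80, b"GET /x HTTP/1.0\r\n\r\n"),
    frame("198.51.100.5", "192.0.2.10", 80, 40000, b"HTTP/1.0 404 Not Found\r\n\r\n"),
    frame("192.0.2.77", "198.51.100.5", 40001, 25, b"HELO example.test\r\n"),
])
```

Calling `follow(SAMPLE, ("198.51.100.5", 80))` returns only the web conversation, with each payload tagged by the endpoint that sent it.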