[plug] ethereal
Jon Miller
jlmiller at mmtnetworks.com.au
Fri Jul 23 18:10:55 WST 2004
It's every network engineer's best friend for troubleshooting "why the network is slow". I've used it to track down workstations that had viruses on them, and users abusing network policies with streaming video and music. So yes, it's a very good tool (and it's free too). Prior to this I had an $18,000 tool to do the same, except it did explain everything in plain English; however, when the $$$$ are coming out of your pocket you tend to look for a good replacement, and this fit the bill perfectly (even using tethereal on the Linux side is worth using).
Jon
Jon L. Miller, MCNE, CNS, ASE
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby
>>> tcleary2 at csc.com.au 12:28:19 pm 23/07/2004 >>>
Marc,
You said:
>Now I know it's a packet monitoring program, can someone
>please explain what purpose, apart from looking at packets, it's used for.
You need something more? ;-)
ethereal is one of the best troubleshooting tools you can get because it does things like permitting you to follow particular conversations from a captured datastream by selective use of filtering/masking.
This is especially useful when some nasty person attacks you, because you can reconstruct what the bounder did, if you can get a full packet dump in a transportable format (i.e. pcap format).
I've found it very useful when investigating "malicious activity" of various sorts, backing up IDS alerts.
It is pleasant to disabuse people of the notion that "In Cyberspace no one can see your crime".
Regards,
tom.
----------------------------------------------------------------------------------------
Tom Cleary - Security Architect
CSC Perth
"In IT, acceptable solutions depend upon humans - Computers don't negotiate."
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
----------------------------------------------------------------------------------------
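The "follow a particular conversation" idea from the quoted message, as an added example that is not part of the original thread and not Ethereal's own code: a small parser for the classic pcap format that groups TCP payloads by endpoint pair. The function names and the sample capture are constructed for illustration, and payloads are listed in capture order without sequence-number reassembly.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def _frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    """Constructed capture: two TCP conversations, interleaved."""
    frames = [
        _frame("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
        _frame("10.0.0.7", "10.0.0.9", 40001, 25, b"HELO example\r\n"),
        _frame("10.0.0.9", "10.0.0.5", 80, 40000, b"HTTP/1.0 200 OK\r\n\r\n"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def conversations(pcap):
    """Map each TCP endpoint pair to its [(sender_ip, payload), ...] in capture order."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap)[0])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    convs, off = defaultdict(list), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # keep only IPv4 carrying TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4            # honour IPv4 header length
        ip_end = 14 + struct.unpack_from("!H", pkt, 16)[0]  # drops Ethernet padding
        if len(pkt) < tcp + 20:
            continue  # truncated TCP header
        src, dst = str(IPv4Address(pkt[26:30])), str(IPv4Address(pkt[30:34]))
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        data = pkt[tcp + (pkt[tcp + 12] >> 4) * 4:ip_end]
        # Sorting the endpoints gives both directions the same key.
        convs[tuple(sorted([(src, sport), (dst, dport)]))].append((src, data))
    return dict(convs)

if __name__ == "__main__":
    for key, msgs in conversations(build_sample_pcap()).items():
        print(key, [(s, d[:16]) for s, d in msgs])
```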