Ethereal-users: RE: [Ethereal-users] [Q-OT] Size of a trace and hub functions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Eichert, Diana" <deicher@xxxxxxxxxx>
Date: Fri, 9 Feb 2001 13:29:56 -0700
Have you considered using snort to do this.  If you write a signature for
this, when it triggers it can save the traffic in a libpcap capture file.

Take look at:
http://www.snort.org/writing_snort_rules.htm
for more info about writing snort rules

diana


> 	1. I needed to "catch" a file transfer error (FTP process) 
> resulting in incomplete file transfer (as you know, file transfer are 
> reported as "success" 226 regardless of whether the file made it 
> completely or not!) . Unfortunately this doesn't happen on a regular 
> basis, so I had no other choice than getting a large disk capable 
> Linux box, and run and save each day the ethereal trace. After 
> having re-visited a couple of traces, I was very surprised to see that 
> some of them didn't contain the whole day worth of data but only a 
> couple of hours, , while other days it worked just fine! So - my 
> question is: is there any problem in ethereal which would keep it 
> from recording continuously, other than disk space or memory 
> (which I have plentiful of both)?