Guy
It probably wouldn't hurt. There are various utilities that I use
or know of that are useful to have in your network troubleshooting toolbelt.
Another one I use is the utility that anonymizes your captured data,
tcpdpriv. There are places at work where the captures can't include the
data payload, but we need all the tcp/ip header info; tcpdpriv is useful for
that. That works much better than trying to only capture a certain number
of bytes using the -s snaplen switch.
I've thought of adding that functionality to tethereal but never
seem to have the time.
diana
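Diana's point above is that dropping the payload while keeping the complete TCP/IP headers is a different job from truncating every packet at a fixed `-s snaplen`: the right cut point varies with the IP and TCP header lengths. The script below is an added example, not tcpdpriv's or Ethereal's code; it builds a small constructed pcap file in memory (one TCP segment carrying a fake HTTP request and one ARP frame) and rewrites it so that every IPv4/TCP record is cut exactly at the end of the TCP header, leaving all other frames and the recorded original lengths untouched. It does not anonymize addresses, which is the additional step tcpdpriv performs.

```python
import struct

# Classic little-endian, microsecond-resolution pcap (the format libpcap and tcpdump write)
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Constructed sample payload; the goal of the rewrite is that it never reaches the output file
SAMPLE_PAYLOAD = b"GET /secret HTTP/1.0\r\n"


def pcap_global_header(snaplen=65535):
    """24-byte pcap file header: magic, version 2.4, tz offset, sigfigs, snaplen, link type."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)


def pcap_record(ts_sec, ts_usec, frame):
    """16-byte record header (timestamp, captured length, original length) followed by the frame."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def build_tcp_frame(payload):
    """Ethernet + IPv4 + TCP frame with constructed addresses (10.0.0.1:40000 -> 10.0.0.2:80)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    # src port, dst port, seq, ack, data offset (5 words) << 4, flags PSH|ACK, window, cksum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp + payload


def build_arp_frame():
    """Broadcast ARP frame (ethertype 0x0806) with a zeroed body; must pass through unchanged."""
    return b"\xff" * 6 + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x06" + bytes(28)


def build_sample_pcap():
    """Constructed two-record capture used as the example input."""
    return (pcap_global_header()
            + pcap_record(981744000, 0, build_tcp_frame(SAMPLE_PAYLOAD))
            + pcap_record(981744000, 500, build_arp_frame()))


def iter_records(pcap):
    """Yield (ts_sec, ts_usec, orig_len, frame) for each record in a pcap byte string."""
    pos = 24
    while pos + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack("<IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        yield ts_sec, ts_usec, orig_len, frame


def tcp_header_end(frame):
    """Offset of the first payload byte for an Ethernet/IPv4/TCP frame, or None for anything else.

    The cut point honours the IP header length (IHL) and the TCP data offset, so options-bearing
    headers are kept whole; a fixed snaplen cannot do that."""
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    if frame[14 + 9] != IPPROTO_TCP:
        return None
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 20:
        return None
    data_off = (frame[tcp_off + 12] >> 4) * 4
    if data_off < 20:
        return None
    return min(len(frame), tcp_off + data_off)


def strip_tcp_payload(pcap):
    """Return (rewritten pcap, number of records truncated).

    TCP records keep their headers only; incl_len shrinks while orig_len is preserved, exactly as a
    capture truncated at the wire would look, so the IP total-length field still reports the real size."""
    if struct.unpack("<I", pcap[:4])[0] != PCAP_MAGIC:
        raise ValueError("expected a little-endian, microsecond-resolution pcap file")
    out = bytearray(pcap[:24])
    stripped = 0
    for ts_sec, ts_usec, orig_len, frame in iter_records(pcap):
        keep = tcp_header_end(frame)
        if keep is not None and keep < len(frame):
            frame = frame[:keep]
            stripped += 1
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), orig_len) + frame
    return bytes(out), stripped


if __name__ == "__main__":
    original = build_sample_pcap()
    cleaned, count = strip_tcp_payload(original)
    print(f"{len(original)} bytes in, {len(cleaned)} bytes out, {count} TCP record(s) truncated")
    print("payload still present:", SAMPLE_PAYLOAD in cleaned)
```

To use it on a real file, read the capture into `bytes`, pass it to `strip_tcp_payload`, and write the first element of the result to a new file; the check worth keeping in a release procedure is that the sensitive payload bytes are absent from the output while `orig_len` still carries the true packet size for later analysis.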
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: February 09, 2001 1:48 PM
To: Eichert, Diana
Cc: stefmit@xxxxxxxxxxxxx; ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] [Q-OT] Size of a trace and hub functions
> Have you considered using snort to do this. If you write a signature for
> this, when it triggers it can save the traffic in a libpcap capture file.
>
> Take a look at:
> http://www.snort.org/writing_snort_rules.htm
> for more info about writing snort rules
Hmm. We've recently had recommendations for both ntop and snort in
response to people trying to do some sort of network monitoring process.
The tcpdump.org Web site has a "Related Projects" page:
http://www.tcpdump.org/related.html
describing various other network traffic capture/analysis/etc. projects;
perhaps the Ethereal Web site should do something along those lines?