[Dshield] Q: Packet Analyzer for windump, etc?

Thu Aug 2 19:51:48 GMT 2001

> I've tried using IRIS but couldn't get the full dump output to text. Now using
> windump, but having trouble analyzing the output. Any suggestions would be
> much appreciated.

For more stripped-down decoding but more rules-oriented automation, try snort.
For more detail in the decodes, try ethereal. www.snort.org and
www.ethereal.com, respectively. Both speak tcpdump/windump files.


