[Dshield] Q: Packet Analyzer for windump, etc?

Dragos Ruiu dr at kyx.net
Thu Aug 2 19:51:48 GMT 2001


On Thu, 02 Aug 2001, you wrote:
> I've tried using IRIS but couldn't get the full dump output to text. Now using
> windump, but having trouble analyzing the output. Any suggestions would be
> much appreciated.

For more stripped-down decoding but more rules-oriented automation, try snort.
For more detail in the decodes, try ethereal. www.snort.org and
www.ethereal.com, respectively. Both speak tcpdump/windump files.

cheers,
--dr



