[Dshield] Not in MY back yard - thank you very much...

John Draper lists at webcrunchers.com
Thu Feb 19 19:40:41 GMT 2004


On Feb 19, 2004, at 12:27 AM, jayjwa wrote:

> Most good sniffers will allow amazingly complex filters. Today, it 
> seemed
> like there was a little bit TOO much traffic going to & fro, so I 
> watched
> for several hours, all this with ftp'ing data in, and users on both 
> https
> & ftp. For example, if you are drawing from some-home.net:8000 via 
> http,
> write a filter to ignore that part only. Today I used tethereal, but
> there's several I'd recommend.

Most of my 'sniffing' will be done using Snort,  and carefully written 
rules.

John




More information about the list mailing list