[Dshield] Traffic comparison - looking for tools

David Cary Hart DShield at TQMcube.com
Wed Jun 1 21:02:18 GMT 2005


On Wed, 2005-06-01 at 17:00 -0400, Jeff Kell wrote:

> I had a similar situation where the server was a hosted application services provider, and their response time was miserable.  They blamed our network and/or connectivity, we blamed them, etc.
> 
> I tried ethereal, tcpdump, etc., which worked to a point, but were painful to separate the signal from the noise in the sea of packets.  I cobbled together a few snort rules to fire on the transaction request (HTTP POST) and the first response packet, using flowbits to isolate the latter.
> 
What happens if you use appropriate capture rules in ethereal? It's
pretty easy to isolate only the packets that you are looking for or at
least to eliminate the obvious noise.
-- 
Multi-RBL Check:         http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm
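As an added illustration of the flow-pairing idea behind the quoted snort/flowbits approach (this is not code from either poster), the Python script below pairs each HTTP POST with the first payload-bearing packet coming back on the same TCP connection and reports the server's response time per transaction; the packet records are constructed stand-ins for what a capture tool would produce.

```python
"""Pair each HTTP POST with the first response packet on the same TCP
connection and report per-transaction server response time.
The SAMPLE list is constructed data standing in for a packet capture."""
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src sport dst dport payload")

# Constructed capture: client 10.0.0.5 talking to a hosted app at 192.0.2.10:80.
SAMPLE = [
    Pkt(0.000, "10.0.0.5", 40001, "192.0.2.10", 80, b""),  # handshake, no payload
    Pkt(0.010, "10.0.0.5", 40001, "192.0.2.10", 80, b"POST /app HTTP/1.1\r\n"),
    Pkt(0.015, "192.0.2.10", 80, "10.0.0.5", 40001, b""),  # bare ACK, not a response
    Pkt(2.310, "192.0.2.10", 80, "10.0.0.5", 40001, b"HTTP/1.1 200 OK\r\n"),
    Pkt(2.400, "192.0.2.10", 80, "10.0.0.5", 40001, b"<html>..."),  # later data
    Pkt(3.000, "10.0.0.5", 40002, "192.0.2.10", 80, b"GET /x HTTP/1.1\r\n"),  # not a POST
    Pkt(3.100, "192.0.2.10", 80, "10.0.0.5", 40002, b"HTTP/1.1 200 OK\r\n"),
    Pkt(4.000, "10.0.0.5", 40003, "192.0.2.10", 80, b"POST /app HTTP/1.1\r\n"),  # unanswered
]


def response_times(packets):
    """Return (answered, unanswered): answered is a list of
    (flow_key, latency_seconds); unanswered is the list of flow keys
    whose POST never saw a response packet with payload."""
    pending = {}  # flow key -> timestamp of the POST (plays the role of a set flowbit)
    answered = []
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.payload.startswith(b"POST "):
            pending[fwd] = p.ts  # arm the flow; a repeat POST simply re-arms it
        elif rev in pending and p.payload:
            # First payload-bearing packet in the reverse direction closes the transaction.
            answered.append((rev, round(p.ts - pending.pop(rev), 3)))
    return answered, sorted(pending)


if __name__ == "__main__":
    done, unanswered = response_times(SAMPLE)
    for (src, sport, dst, dport), lat in done:
        print(f"{src}:{sport} -> {dst}:{dport}  POST answered in {lat:.3f}s")
    for flow in unanswered:
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}  POST unanswered in capture")
```

Feeding it real traffic is a matter of replacing SAMPLE with records read from a capture, after narrowing the capture to the application host and port so the noise the posters mention never reaches the pairing logic.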
