[Dshield] Traffic comparison - looking for tools -- the final answer

Joel Esler eslerj at gmail.com
Wed Jun 8 14:17:26 GMT 2005

Follow TCP Stream is a really nifty feature.  If you have the money,
check out Iris, from eEye.com.

Excellent piece of software...  Its "follow TCP" options are just SICK..

On 6/8/05, Josh Tolley <josh at raintreeinc.com> wrote:
> >>I'm trying to track down a problem with a client-server application
> >>where the app quits responding periodically. After some investigation,
> >>it appears the problem might be caused by dropped packets, though since
> >>the communication is TCP, and TCP is supposed to handle that kind of
> >>thing, I can't be too sure. I'd like to set up a sniffer at the client's
> >>site and one at the server, and just compare to see if what gets sent
> >>matches what is received.
> To reply to my own post, it looks like the problem was caused by an
> unexpected firewall configuration at the client side, and I didn't end
> up having to compare traffic streams. Yet.
> Thanks to all for your suggestions. As a side note, I discovered a
> feature in Ethereal I hadn't known was there: the "Follow TCP Stream"
> option. Really useful stuff...
> --
> Josh Tolley
> Raintree Systems, Inc.
> http://www.raintreeinc.com

Joel Esler
BASE Project Lead
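
The comparison asked about in the quoted question (does what one side sent match what the other side captured), as an added example that is not part of the original thread. It assumes the data segments for one direction of one TCP connection have already been exported from each capture as (sequence number, payload) pairs; all function names and the sample segments are constructed for illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def reassemble(segments, isn):
    """Map relative stream offset -> byte for (seq, payload) segments.
    isn is the initial sequence number from that capture's SYN."""
    stream = {}
    for seq, payload in segments:
        start = (seq - (isn + 1)) % MOD       # first data byte is ISN + 1
        for i, byte in enumerate(payload):
            stream.setdefault(start + i, byte)  # a retransmit does not overwrite
    return stream

def to_ranges(offsets):
    """Collapse stream offsets into sorted half-open (start, end) ranges."""
    ranges = []
    for off in sorted(offsets):
        if ranges and ranges[-1][1] == off:
            ranges[-1] = (ranges[-1][0], off + 1)
        else:
            ranges.append((off, off + 1))
    return ranges

def compare(sent_segments, sent_isn, recv_segments, recv_isn):
    """Return (missing, altered) byte ranges of the sender's stream.
    Separate ISNs are taken because a middlebox may rewrite sequence numbers."""
    sent = reassemble(sent_segments, sent_isn)
    got = reassemble(recv_segments, recv_isn)
    missing = to_ranges(o for o in sent if o not in got)
    altered = to_ranges(o for o in sent if o in got and got[o] != sent[o])
    return missing, altered

# Constructed sample data: the ISN sits just below the 32-bit wrap point.
ISN = 4294967290
CLIENT_SIDE = [
    (4294967291, b"LOGIN alice\r\n"),  # stream offsets 0-12
    (8, b"QUERY 42\r\n"),              # offsets 13-22, sequence number wrapped
    (8, b"QUERY 42\r\n"),              # retransmission seen at the client
    (18, b"QUIT\r\n"),                 # offsets 23-28
]
SERVER_SIDE = [
    (4294967291, b"LOGIN alice\r\n"),
    (18, b"QUIT\r\n"),                 # the QUERY segment never arrived
]

if __name__ == "__main__":
    missing, altered = compare(CLIENT_SIDE, ISN, SERVER_SIDE, ISN)
    print("sent but never captured at the server:", missing)
    print("captured with different bytes:", altered)
```

A non-empty `missing` range that persists across retransmissions points at something in the path discarding the segment rather than ordinary loss that TCP recovered from.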
