RE: Evaluation for IDS
From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 09/28/01
- Previous message: jfontelera@SOLANOCOUNTY.COM: "RE: Evaluation for IDS"
- In reply to: jfontelera@SOLANOCOUNTY.COM: "RE: Evaluation for IDS"
- Next in thread: Henry Sieff: "RE: Evaluation for IDS"
Date: Fri, 28 Sep 2001 17:32:33 -0400 (EDT)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: <jfontelera@SOLANOCOUNTY.COM>
Subject: RE: Evaluation for IDS
Message-ID: <Pine.LNX.4.30.0109281729500.2987-100000@biocserver.BIOC.CWRU.Edu>

On Fri, 28 Sep 2001 jfontelera@SOLANOCOUNTY.COM wrote:
> Is there a good site that discusses writing filters for TCPDump or
> Windump.
no sites that i know of off the top of my head, though the book "Network
Troubleshooting Tools" is worth looking at. the author covers some
interesting fundamentals of libpcap filters
http://www.oreilly.com/catalog/nettroubletools/
hope that helps. also, look at the tcpdump manpage (the openbsd one has
nice examples)
____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)