Re: How do you use TCPDump?

2011-03-04 Thread shawn wilson
On Wed, Mar 2, 2011 at 11:00 PM, Jason Hsu wrote: > I have it installed, and I can look up the parameters in the command. > > What I don't understand is how I use it to investigate intrusions. Can > someone shed some light on this? > > > look at snort. it's pretty much the industry standard when

Re: How do you use TCPDump?

2011-03-04 Thread Chris Jones
On Fri, Mar 04, 2011 at 03:30:47AM EST, Anand Sivaram wrote: > Correct, it is wireshark now. Somehow I still remember that with the > name ethereal :) In ‘lenny’ at least, there's still a dummy ‘ethereal’ package.. That's how I found the new name.. couldn't remember it. Anyway, I mentioned it in

Re: How do you use TCPDump?

2011-03-04 Thread Anand Sivaram
Correct, it is wireshark now. Somehow I still remember that with the name ethereal :) On Fri, Mar 4, 2011 at 10:15, Steven Ayre wrote: > There's tshark too... (part of wireshark but commandline like tcpdump, > filters are identical to wireshark itself). > > -Steve > > > On 4 Mar 2011, at 03:11,

Re: How do you use TCPDump?

2011-03-03 Thread Steven Ayre
There's tshark too... (part of wireshark but commandline like tcpdump, filters are identical to wireshark itself). -Steve On 4 Mar 2011, at 03:11, Chris Jones wrote: > On Thu, Mar 03, 2011 at 09:00:43AM EST, Anand Sivaram wrote: > >> Tcpdump and Ethereal are very similar in terms of capture

Re: How do you use TCPDump?

2011-03-03 Thread Chris Jones
On Thu, Mar 03, 2011 at 09:00:43AM EST, Anand Sivaram wrote: > Tcpdump and Ethereal are very similar in terms of capture filters. > They both use libpcap. I believe they call it ‘wireshark’ these days.. cj

Re: How do you use TCPDump?

2011-03-03 Thread Anand Sivaram
On Thu, Mar 3, 2011 at 09:43, Mike Viau wrote: > > > On Wed, 2 Mar 2011 22:00:41 -0600 wrote: > > > > I have it installed, and I can look up the parameters in the command. > > > > What I don't understand is how I use it to investigate intrusions. Can > someone shed some light on this? > > > > W

RE: How do you use TCPDump?

2011-03-02 Thread Mike Viau
> On Wed, 2 Mar 2011 22:00:41 -0600 wrote: > > I have it installed, and I can look up the parameters in the command. > > What I don't understand is how I use it to investigate intrusions. Can > someone shed some light on this? > What kind of intrusions are you looking for? TCPDump is a pack