Hi all. Responses have been good before so I thought I'd try again. I've recently set up a Mandrake 8.2 workstation. I've used Firestarter to build a firewall, and I want to use a packet sniffer.
After installing Snort, it didn't work due to a data type 113 error. I uninstalled it, then reinstalled from an RPM, but apparently I don't have libpcap installed (which I do). So, I tried Ethereal and it works fine.
However, can rulesets be applied to Ethereal as they can with Snort? I want a little extra security, not just logs of packets. If Ethereal *can* be used to block packets, is it a good substitute for Snort? Or would I benefit from using Snort instead? There also seem to be a lot of Snort reporting tools - are there any for Ethereal?
Thanks a lot,
Thomas Madhavan
