> I've recently set up a Mandrake 8.2 workstation. I've used
> firestarter to build a firewall, and I want to use a packet
> sniffer.

Define `packet sniffer'. In the general term Ethereal is a packet sniffer, in that it captures data using the pcap interface and shows the data nice and sliced to you. So it shows which options of a protocol are set, the payload, etc.

> So, I tried Ethereal and it works fine. However, can rulesets be
> applied to Ethereal as they can with Snort? I want a little extra
> security, not just logs of packets.

Both Snort and Ethereal add nothing to security in the sense that they will provide extra protection. They _can_ provide additional security in the sense of generating notification and awareness.

> If Ethereal *can* be used to block packets, is it a good substitute
> for snort?

No. Snort is an Intrusion Detection System [IDS], whereas Ethereal is a program to inspect packets as an analysis tool. Snort inspects packets too, matches them to a rulelist to discover potential and known offensive payloads [such as remote exploits].

> Or would I benefit from using Snort instead? There also seem to
> be a lot of snort reporting tools - are there any for Ethereal?

You are confusing the programs. Read up a bit more on the different terms to get the understanding clearer.

Hope this helps,

-- 
Jeroen Ruigrok van der Werven <[EMAIL PROTECTED]>
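
The distinction drawn in the reply above, as an added example that is not part of the original e-mail and is not Snort's or Ethereal's code: one function slices a packet into fields (the sniffer role), another matches the decoded packet against a rule list and returns alerts (the IDS role), and neither blocks anything. The function names, the rule format, the two rules and the sample packets are all constructed for illustration.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample: minimal IPv4+TCP packet, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def sniff_decode(pkt):
    """Sniffer role: show the protocol fields and the payload, nothing more."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    fields = {"src": socket.inet_ntoa(pkt[12:16]),
              "dst": socket.inet_ntoa(pkt[16:20]),
              "proto": pkt[9]}
    if fields["proto"] != 6:                       # only TCP is decoded further
        fields["payload"] = pkt[ihl:]
        return fields
    fields["sport"], fields["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    fields["flags"] = pkt[ihl + 13]
    fields["payload"] = pkt[ihl + data_off:]
    return fields

# Hypothetical rule list in a simplified format (not Snort rule syntax).
RULES = [
    {"dport": 80, "content": b"/etc/passwd", "msg": "passwd file requested over HTTP"},
    {"dport": 21, "content": b"USER root", "msg": "FTP login as root"},
]

def ids_inspect(pkt, rules=RULES):
    """IDS role: decode, compare with the rule list, return alert messages.
    The packet is never dropped or modified: this notifies, it does not protect."""
    f = sniff_decode(pkt)
    return [r["msg"] for r in rules
            if f.get("dport") == r["dport"] and r["content"] in f["payload"]]

if __name__ == "__main__":
    # Addresses come from the 192.0.2.0/24 documentation range.
    samples = [
        build_packet("192.0.2.10", "192.0.2.20", 40000, 80,
                     b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
        build_packet("192.0.2.10", "192.0.2.20", 40001, 80,
                     b"GET /index.html HTTP/1.0\r\n\r\n"),
    ]
    for p in samples:
        print(sniff_decode(p), "->", ids_inspect(p) or "no alert")
```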
