JP Vossen on 16 Jun 2009 20:46:38 -0700


Re: [PLUG] Wireshark ate itself

> Date: Tue, 16 Jun 2009 17:24:32 -0400
> From: jeff <>

> Now all I have to do is figure out how to read the results and I'll be 
> all set.*

But Brent already answered that, and I'd meant to point it out.  You can 
read the file you created with 'tcpdump -w' using 'tcpdump -ra {other 
stuff}' or better yet--wait for it--Wireshark.  The nice part is that 
you only pay the GUI tax when it makes sense and is useful (i.e., 
during analysis), rather than during collection.

The Northcutt _Network Intrusion Detection_, Spitzner _Know Your Enemy_ 
books and SANS GIAC cert material are invaluable for figuring out what 
the heck it is that you are looking at.

Good luck,
JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group