> Date: 16 Jun 2009 17:24:32 -0400
> From: jeff <jeffv@op.net>
> Now all I have to do is figure out how to read the results and I'll be
> all set.*
But Brent already answered that, and I'd meant to point it out. You can
read the file you created with 'tcpdump -w' using 'tcpdump -ra {other
stuff}' or better yet--wait for it--Wireshark. The nice part is that
you only pay the GUI tax when it makes sense and is useful (i.e.,
during analysis), rather than during collection.
The Northcutt _Network Intrusion Detection_, Spitzner _Know Your Enemy_
books and SANS GIAC cert material are invaluable for figuring out what
the heck it is that you are looking at.
Good luck,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug