Security Basics mailing list archives

Re: Sniffering and Protocol Analyzer ?
From: lobo <lobo () c3a de>
Date: Mon, 09 Jul 2007 22:16:43 +0200

Hi Mohamed,

On Sun, 2007-07-08 at 12:59 +0300, Mohamed Farid wrote:
> I used Ethereal (Wireshark) but I couldn't get an easy output ...
> Can you advise what I should do?


I would recommend using the conversation list. You can find it in the
menu under Statistics->Conversations. Switch to the IPv4 tab and sort
the list by "Bytes" to find the host which might be the cause of that
traffic utilization.

But I also want to mention that Wireshark is not always the best way
to start when you want to analyze large pcap files. Some weeks ago
there was a good article on the TaoSecurity blog about structured
traffic analysis. If you are interested, here is the link:
http://taosecurity.blogspot.com/2007/05/lbnlicsi-enterprise-tracing-project.html

best regards,

jochen
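
Added example, not part of the original message: a scriptable version of the per-conversation byte ranking described in the reply, useful when a capture is too large to open comfortably in the GUI. It assumes a classic microsecond pcap file with untagged Ethernet frames; the function names are hypothetical and the sample capture is constructed.

```python
import socket
import struct
from collections import Counter

def ipv4_conversations(pcap: bytes):
    """Return [(host_a, host_b, frames, bytes)], largest byte count first."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    frames, octets = Counter(), Counter()
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # Need Ethernet (14 bytes) + minimal IPv4 header (20); EtherType 0x0800 is IPv4
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        key = tuple(sorted((src, dst)))  # both directions count as one conversation
        frames[key] += 1
        octets[key] += orig_len  # on-the-wire length, even if the capture truncated it
    return [(a, b, frames[(a, b)], n) for (a, b), n in octets.most_common()]

def _frame(src, dst, size):
    """Constructed Ethernet + IPv4 frame of `size` bytes, zero-padded payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return (b"\x00" * 12 + b"\x08\x00" + ip).ljust(size, b"\x00")

def sample_pcap():
    """Constructed capture (not real traffic): 10.0.0.9 moves most of the bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, size in [("10.0.0.5", "10.0.0.1", 60), ("10.0.0.9", "10.0.0.1", 1514),
                           ("10.0.0.1", "10.0.0.9", 1514), ("10.0.0.1", "10.0.0.5", 60),
                           ("10.0.0.9", "10.0.0.1", 1000)]:
        f = _frame(src, dst, size)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for a, b, n_frames, n_bytes in ipv4_conversations(sample_pcap()):
        print(f"{a:<12} <-> {b:<12} frames={n_frames:<4} bytes={n_bytes}")
```

To run it on a real capture, pass the file contents, for example `ipv4_conversations(open(path, "rb").read())`; the first row is the conversation to look at first.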
