mailing list archives
Re: Analysis of "stacheldraht"
From: jpr5 () DARKRIDGE COM (Jordan Ritter)
Date: Fri, 31 Dec 1999 14:34:52 -0500
# Programs like "ngrep" do not process ICMP packets, so you will not as
# easily (at this point in time) be able to watch for strings in the data
# portion of the ICMP packets (except using the patches to tcpshow from
# Appendix C and patches to sniffit provided in the analysis of TFN).
The latest version of ngrep (1.35) does in fact match ICMP, and has been out
for some time now.