tcpdump mailing list archives
Re: about this mailing list
From: Guy Harris <guy () alum mit edu>
Date: Thu, 12 Jun 2008 15:35:33 -0700
On Jun 12, 2008, at 2:56 PM, Eloy Paris wrote:
> However, other applications may want to do more than capturing, dissecting, and presenting results, like capturing packets and then taking some action, like sending a response back, or performing some type of analysis that tcpdump and wireshark can't do. Other applications may even want to do less than tcpdump and wireshark do.
For example, it might barely be possible to try to make Wireshark into an intrusion detection system, but you probably won't like the IDS you get from that exercise; Wireshark is designed as a network analyzer for a human to use, not as an IDS checking for intrusion-style problems in the background. It does more than an IDS needs in some cases, and less than an IDS needs in others.
Snort and Bro, for example, are IDSes that use libpcap.
See http://www.tcpdump.org/related.html for a list of related projects, some of which use libpcap for some function.
And see the Wikipedia page for libpcap and its Windows port WinPcap:
http://en.wikipedia.org/wiki/Pcap
for some other programs that use libpcap/WinPcap.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
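The kind of libpcap consumer the message describes, one that captures packets and then takes an action rather than just printing them, as an IDS such as Snort or Bro does, is shown below as an added example. It is not code from this thread or from the tcpdump project. A real tool would pull packets from libpcap (pcap_open_offline or pcap_open_live with a BPF filter); to stay dependency-free this script instead reads the savefile format libpcap writes, using only the Python standard library, and applies a small IDS-style rule: a source that sends SYN-only segments to many distinct destination ports is reported as a port scanner. The capture it parses is constructed inline; the 10.0.0.x and 192.0.2.10 addresses, the port list and the threshold of five targets are assumptions made for the example.

```python
"""Tiny IDS-style consumer of pcap data: flags hosts that SYN-probe many ports.

Added example, not code from the tcpdump project or from the mailing-list
thread. Reads the libpcap savefile format directly instead of linking libpcap;
the sample capture at the bottom is constructed for this example.
"""
import struct
from collections import defaultdict

PCAP_MAGIC_US = 0xA1B2C3D4        # microsecond-resolution timestamps
PCAP_MAGIC_NS = 0xA1B23C4D        # nanosecond-resolution timestamps
SWAPPED_MAGICS = (0xD4C3B2A1, 0x4D3CB2A1)   # same magics, big-endian writer
LINKTYPE_ETHERNET = 1
ETH_P_IP = 0x0800
IPPROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split('.'))


def ip_str(raw):
    return '.'.join(str(b) for b in raw)


def build_frame(src_ip, dst_ip, proto, payload):
    """Ethernet + IPv4 header around payload (constructed; checksums left 0)."""
    eth = struct.pack('!6s6sH', b'\x00\x11\x22\x33\x44\x55',
                      b'\x66\x77\x88\x99\xaa\xbb', ETH_P_IP)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + ip + payload


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 5 << 4, flags,
                      65535, 0, 0)
    return build_frame(src_ip, dst_ip, IPPROTO_TCP, tcp)


def build_pcap(frames):
    """Serialize frames as a little-endian pcap savefile, linktype Ethernet."""
    out = [struct.pack('<IHHiIII', PCAP_MAGIC_US, 2, 4, 0, 0, 65535,
                       LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack('<IIII', 1213300000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b''.join(out)


def iter_pcap(data):
    """Yield (ts_sec, frame) from a pcap savefile written in either byte order."""
    if len(data) < 24:
        raise ValueError('short pcap global header')
    magic = struct.unpack('<I', data[:4])[0]
    if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
        endian = '<'
    elif magic in SWAPPED_MAGICS:
        endian = '>'
    else:
        raise ValueError('not a pcap savefile: magic %#x' % magic)
    linktype = struct.unpack(endian + 'I', data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('unsupported linktype %d' % linktype)
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError('truncated record header at offset %d' % off)
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(
            endian + 'IIII', data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError('truncated packet at offset %d' % off)
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 14 or struct.unpack('!H', frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                # honour IP options, if any
    if ihl < 20 or len(ip) < ihl or ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack('!HH', tcp[:4])
    return ip_str(ip[12:16]), ip_str(ip[16:20]), sport, dport, tcp[13]


def detect_syn_scan(pcap_data, threshold=5):
    """Report sources whose SYN-only segments (BPF equivalent:
    tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn) reach at least `threshold`
    distinct (dst_ip, dst_port) targets. Returns sorted [(src_ip, n_targets)]."""
    targets = defaultdict(set)
    for _ts, frame in iter_pcap(pcap_data):
        pkt = parse_tcp(frame)
        if pkt is None:
            continue
        src, dst, _sport, dport, flags = pkt
        if (flags & (TCP_SYN | TCP_ACK)) == TCP_SYN:
            targets[src].add((dst, dport))
    return sorted((s, len(t)) for s, t in targets.items() if len(t) >= threshold)


# Constructed capture: one scanner probing six ports, one normal client doing a
# single handshake, and one UDP datagram the TCP rule must ignore.
SAMPLE_PCAP = build_pcap(
    [build_tcp_frame('10.0.0.99', '192.0.2.10', 40000 + i, p, TCP_SYN)
     for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    + [build_tcp_frame('10.0.0.5', '192.0.2.10', 51000, 443, TCP_SYN),
       build_tcp_frame('10.0.0.5', '192.0.2.10', 51000, 443, TCP_ACK),
       build_frame('10.0.0.5', '192.0.2.10', 17, b'\x00\x35\x00\x35\x00\x08\x00\x00')])

if __name__ == '__main__':
    for src, n in detect_syn_scan(SAMPLE_PCAP):
        print('ALERT possible port scan from %s (%d distinct targets)' % (src, n))
```

Replacing the savefile reader with pcap_open_live turns this into the "capture, then act" program the message has in mind; the detection logic is the part tcpdump and Wireshark do not provide. Note the explicit parenthesisation of the flag test: in Python `==` binds tighter than `&`, so writing the BPF expression literally would silently never match.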