At 05:19 PM 7/17/00 +0200, Jochen Friedrich wrote:
>Hi Richard,
>
>> Again, I think that this is not a job for Ethereal, but is a job for
>> another tool that understands the structure of the protocols involved. It
>> would sort through the data and apply some heuristics to spot anomalies.
>>
>> Such a tool, and Ethereal, would be helped if there was an underlying
>> library that knew how to decode packets, so each higher level tool could
>> concentrate on its own job. In the case of Ethereal, that job is to display
>> the decoded packets.
>
>Such a library also would make an RMON-2 subagent (like btng)

I don't know about this. It may do. I hope to release something in a while.

> or an IDS
>tool (like snort) much easier :-)

Well, I have been persuaded that an IDS needs something different. I think
an IDS needs fast packet analysis routines, whereas I want complete packet
analysis. An IDS often wants to specify a sequence of bytes at an offset
from the start, and often wants fast parallel searching, whereas I want
every packet decoded completely.

>Regards,
>Jochen
>
>
>
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
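
The contrast drawn in the message above, as an added example that is not part of the original post and is not code from Ethereal or snort: `ids_match` tests raw bytes at fixed offsets from the start of the frame, while `full_decode` walks every header and names every field. The frame, the signature names and the offsets are constructed for illustration, and the fixed offsets assume an IPv4 header without options; the signatures are checked one after another, so the parallel searching mentioned above is not shown.

```python
import struct

# Constructed sample frame (not a capture): Ethernet II + IPv4 + TCP 49152->80,
# payload "GET /". Checksums are left as zero.
FRAME = (bytes.fromhex("020000000002020000000001" "0800")
         + bytes.fromhex("4500002d00014000400600000a0000010a000002")
         + bytes.fromhex("c000005000000001000000005018040000000000")
         + b"GET /")

# Hypothetical signatures: lists of (offset from frame start, expected bytes).
# The fixed offsets assume a 20-byte IPv4 header (no options).
SIGNATURES = {
    "http-get": [(12, b"\x08\x00"), (23, b"\x06"), (36, b"\x00\x50"), (54, b"GET ")],
    "telnet": [(12, b"\x08\x00"), (23, b"\x06"), (36, b"\x00\x17")],
}

def ids_match(frame):
    """IDS-style check: compare raw bytes at offsets, decode nothing."""
    return [name for name, tests in SIGNATURES.items()
            if all(frame[off:off + len(pat)] == pat for off, pat in tests)]

def full_decode(frame):
    """Analyzer-style pass: walk each header in turn and name every field."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth": {"dst": dst.hex(":"), "src": src.hex(":"), "type": etype}}
    if etype != 0x0800 or len(frame) < 34:
        return out  # not IPv4, or IPv4 header cut short
    vihl, tos, tlen, ident, frag, ttl, proto, csum, sip, dip = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (vihl & 0x0F) * 4  # header length in bytes, options included
    out["ip"] = {"version": vihl >> 4, "ihl": ihl, "tos": tos, "len": tlen,
                 "id": ident, "frag": frag, "ttl": ttl, "proto": proto,
                 "csum": csum, "src": ".".join(map(str, sip)),
                 "dst": ".".join(map(str, dip))}
    tcp = 14 + ihl
    if proto != 6 or len(frame) < tcp + 20:
        return out  # not TCP, or TCP header cut short
    sport, dport, seq, ack, off, flags, win, tsum, urg = struct.unpack(
        "!HHIIBBHHH", frame[tcp:tcp + 20])
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                  "flags": flags, "win": win, "csum": tsum, "urg": urg}
    out["payload"] = frame[tcp + (off >> 4) * 4:]
    return out
```
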