Ethereal-users: [Ethereal-users] Newbie Windows Networking Questions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: shaun <shaun@xxxxxxxxxxxxx>
Date: Mon, 14 Jul 2003 13:59:08 -0500
Hello - I'm looking for a way to log the IP addresses that connect to my Windows 2000 servers via Windows Networking (SMB / CIFS). And, if possible, to separate those addresses into 2 categories: those that authenticated successfully and those that didn't (as reported in my Security Event Logs). My intent is to use this data to establish firewall rules.

I've been looking at Ethereal & Snort for this, and from what I've read, it looks like Ethereal knows more about Windows Networking than Snort does, so I'm hoping it can interpret the server's responses to requests and separate the successes from the failures. Can anyone help get me started on this? Or suggest which parts of the Ethereal manual to read?

thanks much,

Shaun Fischer
University of Wisconsin - Madison
Division of Information Technology
Production Services
Platforms & Operating Systems
1210 W Dayton St.  Room 3293
Madison, WI 53706
(608) 262-2773  shaun@xxxxxxxxxxxxx
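
An added example, not part of the original post: one way to do the split the message asks for is to read the status field of each SMB Session Setup AndX response the server sends and tally the client address it was sent to. It assumes SMB1 messages already extracted from a capture with the 4-byte NetBIOS session header stripped and NT status codes in use; the helper names, addresses and sample messages are constructed.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
CMD_SESSION_SETUP_ANDX = 0x73
FLAGS_REPLY = 0x80                             # set on server-to-client messages
STATUS_SUCCESS = 0x00000000
STATUS_LOGON_FAILURE = 0xC000006D
STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016   # intermediate NTLMSSP leg

def classify_session_setup(smb):
    """Return 'success', 'failure', or None for one SMB1 message."""
    if len(smb) < 32 or smb[:4] != SMB1_MAGIC:
        return None                            # not a complete SMB1 header
    # Header layout after the magic: command (1), status (4, LE), flags (1)
    command, status, flags = struct.unpack_from("<BIB", smb, 4)
    if command != CMD_SESSION_SETUP_ANDX or not flags & FLAGS_REPLY:
        return None                            # other command, or a client request
    if status == STATUS_MORE_PROCESSING_REQUIRED:
        return None                            # handshake still in progress
    return "success" if status == STATUS_SUCCESS else "failure"

def tally(responses):
    """responses: iterable of (client_ip, smb_bytes) for server replies."""
    result = {"success": set(), "failure": set()}
    for client_ip, smb in responses:
        verdict = classify_session_setup(smb)
        if verdict:
            result[verdict].add(client_ip)
    return result

def make_header(command, status, flags=FLAGS_REPLY):
    """Build a constructed 32-byte SMB1 header (flags2 = NT status codes)."""
    return SMB1_MAGIC + struct.pack("<BIBH", command, status, flags, 0x4000) + bytes(20)

# Constructed sample traffic; addresses are from the documentation range.
SAMPLE = [
    ("192.0.2.10", make_header(0x73, STATUS_MORE_PROCESSING_REQUIRED)),
    ("192.0.2.10", make_header(0x73, STATUS_SUCCESS)),
    ("192.0.2.77", make_header(0x73, STATUS_LOGON_FAILURE)),
    ("192.0.2.10", make_header(0x72, STATUS_SUCCESS)),           # Negotiate reply
    ("192.0.2.99", make_header(0x73, STATUS_SUCCESS, flags=0)),  # a request
]

if __name__ == "__main__":
    for verdict, ips in tally(SAMPLE).items():
        print(verdict, sorted(ips))
```

An address can land in both sets if it fails and later succeeds, which is worth keeping visible before turning the lists into firewall rules.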