Ethereal-users: Re: [Ethereal-users] DCERPC Protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 12 Sep 2003 12:07:46 -0700

On Sep 12, 2003, at 12:07 PM, Willy wrote:

The project I'm working on will only be using the pcap libraries, I should be
able to handle it at that level. When the project is done perhaps I'll
pursue this further in the code, as Ethereal is too good of a tool to have
this problem. Especially when it is used to blindly find out what traffic is
on the LAN.

As noted by Martin, Ethereal - and any other packet analyzer - will probably never be able to properly guess the type of *all* packets; at best, one can reduce the likelihood of the problem (although making the heuristics stronger could also mean that a packet that *is* DCERPC, or whatever, isn't identified as such, so reducing the likelihood of false hits might increase the likelihood of false misses).
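
The trade-off described in the reply above, as an added example that is not part of the original message and is not Ethereal's own dissector code: two hypothetical heuristics (`dcerpc_weak`, `dcerpc_strict`) test the DCE/RPC connection-oriented common header on constructed payloads. The weak one accepts a non-DCERPC payload (false hit); the strict one rejects that payload but also rejects a genuine PDU when only its first segment is available (false miss).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 24-byte DCE/RPC request PDU, little-endian, no stub data. */
const uint8_t dcerpc_req[24] = {
    5, 0, 0, 0x03,            /* rpc_vers, rpc_vers_minor, PTYPE=request, flags */
    0x10, 0, 0, 0,            /* packed_drep: little-endian, ASCII, IEEE */
    24, 0, 0, 0, 1, 0, 0, 0,  /* frag_length=24, auth_length=0, call_id=1 */
    0, 0, 0, 0, 0, 0, 0, 0    /* alloc_hint, p_cont_id, opnum */
};
/* Constructed sample: SOCKS5 CONNECT to 192.0.2.1:80; not DCE/RPC, starts 05 01. */
const uint8_t socks5_req[10] = { 5, 1, 0, 1, 192, 0, 2, 1, 0, 80 };

/* Hypothetical weak heuristic: version bytes only. */
int dcerpc_weak(const uint8_t *p, size_t len)
{
    return len >= 2 && p[0] == 5 && p[1] <= 1;
}

/* Hypothetical strict heuristic: the whole common header must be sane and
 * frag_length must equal the bytes we have, so a PDU that is split across
 * segments is rejected even though it is real DCE/RPC. */
int dcerpc_strict(const uint8_t *p, size_t len)
{
    if (len < 16 || p[0] != 5 || p[1] > 1 || p[2] > 19) return 0;
    if ((p[4] >> 4) > 1 || (p[4] & 0x0f) > 1) return 0; /* int/char format */
    if (p[5] > 3 || p[6] != 0 || p[7] != 0) return 0;   /* float fmt, reserved */
    unsigned frag = (p[4] >> 4) ? (p[8] | (unsigned)p[9] << 8)
                                : ((unsigned)p[8] << 8 | p[9]);
    return frag == len;
}

int main(void)
{
    printf("payload              weak strict\n");
    printf("full request         %d    %d\n",
           dcerpc_weak(dcerpc_req, 24), dcerpc_strict(dcerpc_req, 24));
    printf("SOCKS5 (false hit)   %d    %d\n",
           dcerpc_weak(socks5_req, 10), dcerpc_strict(socks5_req, 10));
    printf("first 16 bytes only  %d    %d\n",
           dcerpc_weak(dcerpc_req, 16), dcerpc_strict(dcerpc_req, 16));
    return 0;
}
```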