Ethereal-users: Re: [Ethereal-users] Limiting the capture to 128bytes

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Wed, 22 Sep 2004 17:34:49 -0700 (PDT)
Hansang Bae said:
> Is there a way to systematically disable capturing full packets?  I work
> for a financial company and one of the audit requirements is that we
> disable full packet capturing.  Has anyone done this before?  I know there
> is a "LIMIT" option in the capture window, but I'm talking about doing
> this as a default behavior wee/o the ability to change it unless you have
> root like access.

There's no way to disable full packet captures.

Even if Ethereal *did* have a way to disable that, you'd also have to
prevent people from compiling Ethereal from source, as they could then
remove that restriction (and note that "prevent people from compiling
Ethereal from source" includes compiling it on their home machines, unless
you can prevent those versions from being run, e.g. because the machines
on which it'd run can't run x86 or PowerPC binaries).

If *I* were a financial institution worried about packet capture, I
wouldn't limit my worries to full packet capture....