On Mon, 2004-12-27 at 15:31 +0100, Martin.Scheidig@xxxxxxxx wrote:
> (See attached file: Ethereal-conversation.JPG.lnk)Hello Devellopers,
>
> I am using Ethereal somtimes to generate a Traffic Matrix. The
> Conversations Option helps very mutch to simplfy this job. In my opinion
> there is one point witch could be improved.
> At the tcp folder you can see the Address A with Port A und Address B witch
> Port B. But you cannot see if Address A or Address B initiates the TCP
> Session. To design Fire Wall Rules this Information is nesseceary. To
> demonstrate this I send you a Screen Shot.
> At the screen shot you could see that the IP 10.3.10.26 initiates the
> Session [SYN]. If you have a lock at the Conversations Folder you can see
> the Address 10.10.14.17 at the Collum Address A and the IP 10.3.10.26 at
> the Collum B. Thist indicates in my opinion that 10.10.14.17 initiates the
> Session and not 10.3.10.17.
>
> In my opinion it would be very usefull if for all TCP Sessions Address A is
> used for the Source and Address B is used for Destinations.
>
> Best regards
>
> Martin Scheidig
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
hping is a much simpler tool for designing firewall rules imho,
ethereal/tcpdump can be used for verification if you don't trust the
logging.
Ted