Wireshark · Ethereal-users: Re: [Ethereal-users] using ethereal as monitoring tool on shares.

Ethereal-users: Re: [Ethereal-users] using ethereal as monitoring tool on shares.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jens Link <lists@xxxxxxx>

Date: Mon, 24 Oct 2005 19:14:25 +0200

<waltern@xxxxxxxxxx> writes:

> I could use this to track down computers that are busy propagating
> viruses around on the network.

I think Ethereal is not the right tool for this job. You can either use
a IDS (like Snort) or NetFlow accounting.

Personally I use http://fprobe.sourceforge.net/ in combination with
http://nfdump.sourceforge.net/ and http://nfsen.sourceforge.net/ to
track down infected computers.

Also take a look a the following presentation:

<http://www.terena.nl/tech/task-forces/tf-csirt/meeting13/NFSEN-IBN-Haag.pdf>

Jens

References:
- [Ethereal-users] using ethereal as monitoring tool on shares.
  - From: waltern

Prev by Date: Re: [Ethereal-users] using ethereal as monitoring tool on shares.
Next by Date: [Ethereal-users] Script with tethereal
Previous by thread: Re: [Ethereal-users] using ethereal as monitoring tool on shares.
Next by thread: [Ethereal-users] Script with tethereal
Index(es):
- Date
- Thread