Ethereal-users: Re: [Ethereal-users] using ethereal as monitoring tool on shares.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jens Link <lists@xxxxxxx>
Date: Mon, 24 Oct 2005 19:14:25 +0200
<waltern@xxxxxxxxxx> writes:

> I could use this to track down computers that are busy propagating
> viruses around on the network.

I think Ethereal is not the right tool for this job. You can either use
an IDS (like Snort) or NetFlow accounting.

Personally I use http://fprobe.sourceforge.net/ in combination with
http://nfdump.sourceforge.net/ and http://nfsen.sourceforge.net/ to
track down infected computers.

Also take a look at the following presentation:

<http://www.terena.nl/tech/task-forces/tf-csirt/meeting13/NFSEN-IBN-Haag.pdf>

Jens