Ethereal-users: [Ethereal-users] capture Events from Event Viewer?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
All,
I am working with a remote network administrator who for the last couple of weeks has had his server receiving numerous login attempts from what appear to be infected machines elsewhere within our company. Thinking it was a virus, we had the admin of the machines listed in the event properties run a full on-demand scan and found nothing. I have asked the remote admin of the attacked servers to run Ethereal to capture the traffic when this happens.
My question is two-fold:
- Is there any way to filter on this type of traffic (i.e., Event ID: 529 as shown below)?
- How large can a capture sequence get?
Thanks for any help.
Thank You,
Dan D'Alessandro
Network Specialist
ITT Industries- Enterprise Infrastructure
847.470.4956