On 06/23/2010 11:00 PM, David H. Lipman wrote:
From: "Guy Harris"<guy@xxxxxxxxxxxx>
| On Jun 22, 2010, at 3:28 PM, David H. Lipman wrote:
What do I need to provide the site owner to implement the rule(s) on his
server?
| You need to tell them
| Please filter out all traffic to or from UDP port 137 from the pcaps you generate,
| however that happens to be done.
| Because you haven't told us how the pcap file is generated, we cannot give you anything
| more detailed than that.
The server admin provided the following to me today...
"I record pcap with tshark, so what I need is a tshark capture filter."
Hi,
Well then, tell him to add:
-f "not udp port 137"
to the tshark command line.
Thanks,
Jaap
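
Added example, not part of the original thread: the capture filter above only affects new captures, so this sketch applies the same "not udp port 137" rule to a pcap that was already recorded, going one step beyond what the thread covers. The names is_udp_port and scrub_pcap are hypothetical, and the code assumes a classic (non-pcapng) pcap with Ethernet link type.

```python
import struct
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, LE / BE

def is_udp_port(frame, port=137):
    """True if an Ethernet frame is UDP with src or dst == port (what 'udp port N' matches)."""
    ethertype = int.from_bytes(frame[12:14], "big")
    if ethertype == 0x0800 and len(frame) >= 34:            # IPv4
        frag_off = int.from_bytes(frame[20:22], "big") & 0x1FFF
        if frame[23] != 17 or frag_off != 0:                # not UDP, or a later fragment
            return False
        l4 = 14 + (frame[14] & 0x0F) * 4                    # skip IPv4 options via IHL
    elif ethertype == 0x86DD and len(frame) >= 54:          # IPv6, no extension headers
        if frame[20] != 17:
            return False
        l4 = 54
    else:
        return False
    if len(frame) < l4 + 4:                                 # truncated before the ports
        return False
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return port in (sport, dport)

def scrub_pcap(data, port=137):
    """Return (filtered_pcap_bytes, dropped_count); records are copied byte for byte."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    out, dropped, pos = [data[:24]], 0, 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        record = data[pos:pos + 16 + incl_len]              # 16-byte record header + frame
        if is_udp_port(record[16:], port):
            dropped += 1
        else:
            out.append(record)
        pos += 16 + incl_len
    return b"".join(out), dropped

if __name__ == "__main__":
    # Constructed sample: one frame UDP 137 -> 137 and one frame UDP 50000 -> 53.
    def frame(sport, dport):
        ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 28, 0, 0, 64, 17, 0) + bytes(8)
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
    recs = b"".join(struct.pack("<IIII", 0, 0, 42, 42) + frame(s, d) for s, d in [(137, 137), (50000, 53)])
    pcap = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1) + recs
    print(scrub_pcap(pcap)[1], "packet(s) dropped")
```

As with the capture filter, the match is on either the source or the destination port, and only the first fragment of a fragmented datagram carries the ports to match on.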