Ethereal-users: RE: [Ethereal-users] [Q-OT] Size of a trace and hub functions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Eichert, Diana" <deicher@xxxxxxxxxx>
Date: Fri, 9 Feb 2001 14:26:12 -0700
Ahhh, but that is what snort does best, looking for an event and only
logging that event.  You see you used "rules", but I'm suggesting running
snort with only one rule, the ftp error.

We've tracked distributed applications this way on a very busy network
because it's amazing how little a developer really knows what's going on with
their application, they were just writing using the available libraries, but
hey YMMV.

diana

-----Original Message-----
From: stefmit@xxxxxxxxxxxxx [mailto:stefmit@xxxxxxxxxxxxx]
Sent: February 09, 2001 2:13 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] [Q-OT] Size of a trace and hub functions


You see ... I am still thinking that each tool is to be used for what it's
supposed to do best - I am using snort on the DMZ and in other
critical points, but I have a hard time believing that it would 
outperform a packet capturing program, if the latter doesn't need to 
run through rules. I may be wrong ... but I would still like to use 
ethereal for what I was initially asking ...