Ethereal-users: RE: [Ethereal-users] (no subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Urwin <rurwin@xxxxxxxxxxxxxxx>
Date: Tue, 12 Mar 2002 08:27:20 -0000
There are many good books on TCP/IP, and I'm sure people will suggest their own favorites, but the RFCs have everything you really need to know and they're free.
Do a web search for:
RFC791.txt                for IP
RFC768.txt                for UDP
RFC793.txt                for TCP
 
 
For a useful-looking introduction try ftp://rtfm.mit.edu/pub/net/internet.text
 
-----Original Message-----
From: Douglas R. Pilot [mailto:dpilot@xxxxxxxx]
Sent: Monday, March 11, 2002 8:24 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] (no subject)

I have another question. I have looked through the user guide. It tells you all the stuff you can do but no basics on how to interpret the data that is captured. Where can I find a step-by-step tutorial on how to interpret everything I see in each pane? Some are easy like IP address etc. but some are more difficult. I read an article about IDS signatures and it talked about the SYN and FIN flags. I have no idea where to look for these.
 
thanks
 

Douglas R. Pilot
Computer Instructor,
Shaftsbury Elementary School
dpilot@xxxxxxxx


 

 


This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken.


Sanitizer (start="1015877165"):
  Part (pos="1182"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="1850"):
    SanitizeFile (filename="unnamed.html", mimetype="text/html"):
      Match (rule="default"):
        Enforced policy: accept

    Rewrote HTML tag: >>_META http-equiv=Content-Type content="text/html; charset=iso-8859-1"_<<
                  as: >>_MANGLED_ON_PURPOSE_META http-equiv=Content-Type content="text/html; charset=iso-8859-1"_<<
    Rewrote HTML tag: >>_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
                  as: >>_MANGLED_ON_PURPOSE_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
    Total modifications so far: 2


Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $


________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________
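
Added example (not part of the original messages): a short Python decoder showing where the SYN and FIN flags asked about above sit in the headers defined by RFC 791 and RFC 793. The packet bytes, addresses, ports and function names are constructed for illustration, and the SYN+FIN test is one illustrative check, not a signature taken from the article mentioned.

```python
import struct

# Control bits in byte 13 of the TCP header (RFC 793, section 3.1), lowest bit first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def tcp_flags(ip_packet: bytes) -> list:
    """Return the names of the TCP flags set in a raw IPv4 packet."""
    if len(ip_packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip_packet[0] >> 4, ip_packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    if ip_packet[9] != 6:  # RFC 791 protocol field: 6 means TCP
        raise ValueError("payload is not TCP")
    # Only the first fragment carries the TCP header.
    if struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF:
        raise ValueError("non-first fragment, no TCP header here")
    tcp = ip_packet[ihl * 4:]  # IHL counts 32-bit words, so options are skipped
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    bits = tcp[13] & 0x3F  # the six control bits defined in RFC 793
    return [name for i, name in enumerate(TCP_FLAGS) if bits & (1 << i)]


def syn_and_fin(ip_packet: bytes) -> bool:
    """True when SYN and FIN are both set, which no normal TCP exchange produces."""
    flags = tcp_flags(ip_packet)
    return "SYN" in flags and "FIN" in flags


def build_sample(flag_byte: int) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4,
                      flag_byte, 8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    for label, byte in [("connection request", 0x02),
                        ("connection close", 0x11),
                        ("anomalous", 0x03)]:
        pkt = build_sample(byte)
        print(label, tcp_flags(pkt), "SYN+FIN:", syn_and_fin(pkt))
```
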

