Richard,
I had a similar problem in the past...
The SEBEK packet dissector doesn't implement any extra control on the
content of the packet, and basically dissects all the packets that are
sent on the wire with the condition udp.port=1101.
To avoid this kind of problem, you can disable the Sebek packet
dissector in two ways:
1. From Ethereal: menu Analyze -> Enabled protocols
2. By creating a file called 'disabled_protos' under /usr/share/ethereal
   (or, for Windows, in C:\Program Files\Ethereal or wherever Ethereal is
   installed) containing the list of the disabled protocols, separated by
   newlines (in this case the word 'sebek', all lower case).
   (By using this method you will completely hide Sebek from
   Ethereal, even from the "Enabled Protocols" dialog box.)
Fabrizio
Richard.Webster@xxxxxxxxxxxxxxxxxx wrote:
I was hoping you could tell me how Ethereal determines if a packet is
a SEBEK packet. Is it simply the UDP destination port? We are seeing
SEBEK traffic on our LAN and are responding as if we have a security
problem but I think the traffic is actually Tibco. I am trying to
assess how much I can trust Ethereal's determination that this traffic
is SEBEK. Any advice would be appreciated. Thanks, Rich
*Richard Webster*
908-231-2807
------------------------------------------------------------------------
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
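
Added example, not part of the original messages and not Ethereal's own code: because the dissector described above labels traffic by UDP port alone, a structural check of the payloads helps judge whether UDP/1101 datagrams are plausibly Sebek records at all. The 48-byte Sebek v2 header layout used here, the function names and the sample datagrams are assumptions of this example.

```python
import struct

# Assumed Sebek v2 record layout (not stated in the thread), network byte order:
# magic(4) version(2) type(2) counter(4) time_sec(4) time_usec(4)
# pid(4) uid(4) fd(4) command(12) data_length(4), then data_length bytes of data.
V2_HEADER = struct.Struct("!IHHIIIIII12sI")  # 48 bytes


def sebek_v2_doubts(payload: bytes) -> list:
    """Reasons a UDP/1101 payload is not a well-formed Sebek v2 record ([] = plausible)."""
    if len(payload) < V2_HEADER.size:
        return [f"only {len(payload)} bytes, header needs {V2_HEADER.size}"]
    (_magic, version, _rtype, _counter, _sec, usec,
     _pid, _uid, _fd, command, data_len) = V2_HEADER.unpack_from(payload)
    doubts = []
    if version != 2:
        doubts.append(f"version field is {version}, expected 2")
    if usec >= 1_000_000:
        doubts.append(f"time_usec {usec} is not a valid microsecond count")
    name = command.rstrip(b"\x00")
    if b"\x00" in name or not all(0x20 <= b < 0x7F for b in name):
        doubts.append("command field is not NUL-padded printable ASCII")
    if data_len != len(payload) - V2_HEADER.size:
        doubts.append(f"data_length {data_len} does not match the "
                      f"{len(payload) - V2_HEADER.size} bytes that follow")
    return doubts


def triage(payloads) -> dict:
    """Count plausible vs. implausible records in a list of UDP/1101 payloads."""
    result = {"plausible": 0, "implausible": 0}
    for p in payloads:
        result["implausible" if sebek_v2_doubts(p) else "plausible"] += 1
    return result


# Constructed samples: one well-formed v2 record (the magic value is made up) and
# one arbitrary payload standing in for another application on UDP port 1101.
DATA = b"ls -la\n"
GOOD = V2_HEADER.pack(0xD0D0D0D0, 2, 0, 7, 1100000000, 250000,
                      4321, 0, 3, b"bash", len(DATA)) + DATA
OTHER = b"\x00\x01constructed non-Sebek datagram on port 1101, " + bytes(range(40))

if __name__ == "__main__":
    for label, pkt in (("GOOD", GOOD), ("OTHER", OTHER)):
        print(label, sebek_v2_doubts(pkt) or "structurally plausible")
    print(triage([GOOD, OTHER]))
```

An empty result only means the payload is structurally consistent with the assumed layout; datagrams that fail every check are strong evidence the "SEBEK" label comes from the port match alone.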