Wireshark · Ethereal-users: Re: [Ethereal-users] sasser

Ethereal-users: Re: [Ethereal-users] sasser

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 12 May 2004 02:08:47 -0700

On Tue, May 11, 2004 at 07:51:22PM -0500, Chris T. wrote:
> I am using ethereal to track down infections on my network and I have a
> filter which I found on the internet.

Found it here?

	http://www.ethereal.com/lists/ethereal-users/200405/msg00103.html

Note that he suggests that there are other tools such as Snort that
might be better for tracking down worms on a network:

	http://www.snort.org/

	http://www.prelude-ids.org/

> This is the filter how do I tell it not to listen for ip address
> 172.16.0.175 ?
> 
> tcp[13]&3!=0 and (port 139 or port 445)

	not host 172.16.0.175 and tcp[13]&3!=0 and (port 139 or port 445)

Follow-Ups:
- [Ethereal-users] Re: sasser
  - From: Chris T.

References:
- [Ethereal-users] sasser
  - From: Chris T.

Prev by Date: Re: [Ethereal-users] Capture interfaces (loopback?)
Next by Date: RE: [Ethereal-users] AAL5 CRC decoding
Previous by thread: [Ethereal-users] sasser
Next by thread: [Ethereal-users] Re: sasser
Index(es):
- Date
- Thread