Richard,
I had a similar problem in the past...
The SEBEK packet dissector doesn't implement any extra control on the
content of the packet, and basically dissect all the packets that are
sent on the wire with the condition udp.port=1101
To avoid those kind of problem, you can disable the Sebek packet
dissector in two ways:
1. From Ethereal: menu Analyze -> Enabled protocols
2. by creating a file called 'disabled_protos' under /usr/share/ethereal
(or, for Windows in
C:\Program Files\Ethereal or wherever Ethereal is installed)
containing the list separated by newline
of the disabled protocols (in this case the word 'sebek' all lower case).
(by using this method you will completely hide the sebek from
Ethereal, even from the "Enabled Protocols" dialog box).
Fabrizio
Richard.Webster@xxxxxxxxxxxxxxxxxx wrote:
I was hoping you could tell me how Ethereal determines if a packet is
a SEBEK packet. Is it simply the UDP destination port? We are seeing
SEBEK traffic on our LAN and are responding as if we have a security
problem but I think the traffic is actually Tibco. I am trying to
access how much I can trust Ethereal's determination that this traffic
is SEBEK. Any advice would be appreciated. Thanks, Rich
*Richard Webster*
908-231-2807
------------------------------------------------------------------------
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
