> I am probably posting this the "n"-th time, but I still don't
> understand why people don't want to do this in snort - it has all
> that, it is avaiilable as ethereal is (i.e. for every platform, and
> freely), and you can safely save the output in a pcap file, to
> analyze, later on, with (t)ethereal ...
>
> Stef
I'll take that as a "no", and I'll take your suggestion to try snort.
Why don't people want to do this in snort?
- I'm sure snort is a great tool, but I'm guessing most don't want, or have
the time, to go off and learn another tool, which is command line driven,
with a "rules" language, etc. etc. i like to think of myself as a fairly
bright person, and although it was fairly straightforward to install and do
simple packet capturing, and even viewing those packets in Ethereal, I have
yet to figure out how to trigger on packet fields, capture to a circular
buffer, or stop capturing based on a condition after an hour or so of
fooling around and reading the documentation.
- Ethereal is a natural and simple interface for wanting to do this type of
thing.
