Date:      Wed, 11 Dec 1996 14:35:26 -0700 (MST)
From:      Softweyr LLC <softweyr@xmission.com>
To:        msmith@atrad.adelaide.edu.au (Michael Smith)
Cc:        security@freebsd.org
Subject:   Re: Risk of having bpf0?
Message-ID:  <199612112135.OAA15103@xmission.xmission.com>
In-Reply-To: <199612110634.RAA22676@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Dec 11, 96 05:04:36 pm

Wes Peters stands accused of saying:

% Better yet, get some sort of sniffer package to run on another system.
% We use Ether Peek for Macintosh and Win95 at work, both seem to work
% well.  In addition to *not* opening up your important machines to hack
% attacks, such a tool will also let you look at non-IP activity, bare
% ethernet activity, and let you examine the output of a machine that
% seems to be going sick in the ether adapter.

Mike Smith answered:
> Tcpdump does all this and lots more; the filter language is pretty powerful.
> 
> The fact that it knows how to interpret lots of protocols and that you
> can extend it (courtesy of the source and an easy internal interface)
> puts it over anything else I've seen yet.

EtherPeek does all of those things, understands most of the common
protocols run over ethernet including IP, IPX/SPX, AppleTalk, DECnet,
and XNS; allows you to display packets from specified machines or
protocols in different colors, will display machine names by ethernet,
IP, DECnet, etc. address, all those wonderful things.

EtherPeek costs money - I think it's $495.  At the same time, you can
put a machine containing EtherPeek on your network and nobody can hack
their way into it over the network and use it against you, since it is
running on MacOS or Win95.  If you can lose more than $495 in an
attack, it should be pretty easy to justify.  We put it on laptops,
which make wonderful diagnostic tools.  ;^)

-- 
          "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                       Softweyr LLC
http://www.xmission.com/~softweyr                       softweyr@xmission.com


