Let's say, hypothetically, that I'm going to a large, chaotic security conference somewhere in the United States' glorious and decadent Southwestern republics in a few days' time. Further, let's stipulate that folks will be doing lots of interesting things on the network there that I might want to look at later, including but not confined to reducing my computer to a heap of smoldering rubble. I'm hardly going to have the time to analyze all of that interesting gubbidge in real-time, but it sure would be nice if I had some way of filling up this brand spanking new 20GB theoretical hard drive in my hypothetical laptop with snarfed packets. Mmm.... packety goodness.
What's the best way to accomplish this? An init.d script that starts a tcpdump capture for each reboot? I don't think so, largely because tcpdump has had some security holes punched in it recently and holes could get punched in it again by the wily and hackerly crowd I'm going to be mingling with. Ethereal's even more complicated than tcpdump. Tcpflow, maybe? I don't really care, as long as the captured packets are in libpcap format on disk. Anyone got any good suggestions? All help gratefully appreciated.

yours,
Forrest Norvell
-- 
. . . the self-reflecting image of a narcotized mind . . .
ozymandias G desiderata [EMAIL PROTECTED]
desperate, deathless (415)558-9064
http://www.aoaioxxysz.com/ ::AOAIOXXYSZ::
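The kind of unattended capture wrapper the message is asking about, as an added example that is not part of the original post. It assumes a tcpdump build that supports `-Z` (drop root after the interface is opened), `-C`/`-W` (size-based file rotation), an unprivileged account named `pcap`, and a spool directory `/var/spool/capture` owned by that account; all of those names are assumptions, not taken from the post. The capture only starts when the script is invoked with `start`, so the helper functions can be sourced and checked without touching an interface.

```shell
#!/bin/sh
# Unattended libpcap capture wrapper (added example, not from the original post).
# Assumptions: tcpdump supports -Z, -C and -W; an unprivileged user "pcap"
# exists; CAP_DIR is owned by that user and is not world-writable.

CAP_IFACE="${CAP_IFACE:-eth0}"
CAP_DIR="${CAP_DIR:-/var/spool/capture}"   # assumed directory, owned by CAP_USER
CAP_USER="${CAP_USER:-pcap}"               # assumed unprivileged account
CAP_FILE_MB="${CAP_FILE_MB:-100}"          # rotate every 100 MB (tcpdump -C is in MB)
CAP_FILE_COUNT="${CAP_FILE_COUNT:-190}"    # ring of 190 files ~ 19 GB, leaves headroom on 20 GB
CAP_SNAPLEN="${CAP_SNAPLEN:-65535}"        # keep whole packets, not just headers

# Refuse to write into a directory that does not exist or that anyone on
# the box could write to (a world-writable spool lets another local user
# replace or truncate the evidence). Uses find's permission test so it
# checks the mode bits rather than the caller's effective access.
check_capture_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "capture dir $dir missing" >&2; return 1; }
    if [ -n "$(find "$dir" -prune -perm -002)" ]; then
        echo "capture dir $dir is world-writable; refusing" >&2
        return 1
    fi
    return 0
}

# Assemble the tcpdump argument list as one string so it can be inspected
# (and tested) without opening an interface.
#   -n  no DNS lookups: the capture box sends nothing on the wire
#   -s  snaplen, so packets are stored whole for later analysis
#   -Z  drop root to CAP_USER once the interface is open
#   -C/-W  size-rotated ring of files so the disk never fills completely
#   -w  write raw libpcap records; the protocol printers never run
build_capture_cmd() {
    iface=$1; dir=$2; user=$3; size_mb=$4; count=$5; snaplen=$6
    printf 'tcpdump -i %s -n -s %s -Z %s -C %s -W %s -w %s/capture.pcap' \
        "$iface" "$snaplen" "$user" "$size_mb" "$count" "$dir"
}

# Replace this shell with tcpdump so an init script (or a respawning
# supervisor) sees tcpdump's own exit status.
start_capture() {
    check_capture_dir "$CAP_DIR" || return 1
    cmd=$(build_capture_cmd "$CAP_IFACE" "$CAP_DIR" "$CAP_USER" \
                            "$CAP_FILE_MB" "$CAP_FILE_COUNT" "$CAP_SNAPLEN")
    echo "starting: $cmd" >&2
    # shellcheck disable=SC2086  # word-splitting the assembled command is intended
    exec $cmd
}

case "${1:-}" in
    start) start_capture ;;
esac
```

Two choices do the security work here. `-Z` means that once the packet socket is open, tcpdump runs as `pcap`, so a bug in it yields that account rather than root; and `-w` stores raw packets without running tcpdump's protocol decoders, which is where its historical parsing bugs lived, so the exposed code path at capture time is much smaller than during interactive use. Analysis of the files then happens later, on a machine you control, with whatever tool you like.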