On 2007/11/12 12:38, Steve Shockley wrote:
> Stuart Henderson wrote:
>> tcpdump runs the scary code in a jail.
>
> Doesn't http://marc.info/?m=117390704628262 do the same thing? I haven't
> looked at it, just saw the post.
ah, Nikns' port: this isn't a full jail, but it does drop privileges
so i
Stuart Henderson wrote:
tcpdump runs the scary code in a jail.
Doesn't http://marc.info/?m=117390704628262 do the same thing? I
haven't looked at it, just saw the post.
On Nov 12, 2007 3:09 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2007/11/11 14:20, Ray Percival wrote:
> > On Nov 11, 2007, at 10:03 AM, Barry Miller wrote:
> >> Of course, if a bad guy _does_ get control of wireshark, he OWNS your
> >> network, but at least you're not totally rooted. T
On 2007/11/11 14:20, Ray Percival wrote:
> On Nov 11, 2007, at 10:03 AM, Barry Miller wrote:
>> Of course, if a bad guy _does_ get control of wireshark, he OWNS your
>> network, but at least you're not totally rooted. Take your chances.
>>
> How so? Given that all it is a frontend to libpcap. And
On 11/11/07, Siju George <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Both
>
> http://www.wireshark.org/ and http://www.wireshark.org/
>
> are not found in ports. Could somebody recommend any softwarew in 4.2
> ports that has related functionality?
I like ettercap.
On Nov 11, 2007, at 10:03 AM, Barry Miller wrote:
Of course, if a bad guy _does_ get control of wireshark, he OWNS your
network, but at least you're not totally rooted. Take your chances.
How so? Given that all it is a frontend to libpcap. And how does this
not apply to tcpdump?
--Barry
On Sun, Nov 11, 2007 at 09:13:42PM +0530, Siju George wrote:
> Both
>
> http://www.wireshark.org/ and http://www.wireshark.org/
>
> are not found in ports. Could somebody recommend any softwarew in 4.2
> ports that has related functionality?
>
If you don't mind building wireshark yourself, one w
> Could somebody recommend any softwarew in 4.2
> ports that has related functionality?
Netdude might be of some use (it's a front-end to tcpdump), but
I usually just use tcpdump directly (some tips: -vv to increase
verbosity, -X for a hex+ascii dump, -s<##> to increase snap
length to capture enti
You can look at this page :
http://www.cromwell-intl.com/unix/openbsd-dell.html
(I never try)
On Nov 11, 2007 4:43 PM, Siju George <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Both
>
> http://www.wireshark.org/ and http://www.wireshark.org/
>
> are not found in ports. Could somebody recommend any softwar
Hi,
Both
http://www.wireshark.org/ and http://www.wireshark.org/
are not found in ports. Could somebody recommend any softwarew in 4.2
ports that has related functionality?
Thank you so much
Kind Regards
Siju
On Wed, 2006-05-24 at 23:50 -0300, Kroty wrote:
> [EMAIL PROTECTED] wrote:
> > This topic usually comes up near each release. Has anyone tried the
> > 3.8 instructions below yet on 3.9?
> Why don't you try man tcpdump?
Ethereal/tethereal have functionality that tcpdump
[EMAIL PROTECTED] wrote:
This topic usually comes up near each release. Has anyone tried the 3.8
instructions below yet on 3.9?
http://www.linbsd.org/ethereal_on_openbsd38.html
Jim
Why don't you try man tcpdump?
-k
On Wednesday 24 May 2006 19:53, you wrote:
> This topic usually comes up near each release. Has anyone tried the 3.8
> instructions below yet on 3.9?
>
> http://www.linbsd.org/ethereal_on_openbsd38.html
>
> Jim
Um, how about you? Why don't you try it? Doing it really is the best
way to find out
This topic usually comes up near each release. Has anyone tried the 3.8
instructions below yet on 3.9?
http://www.linbsd.org/ethereal_on_openbsd38.html
Jim
>From http://www.incidents.org/
Yes, if you use Ethereal, it is time to upgrade. According an advisory
posted by Frsirt, 28 vulnerabilities has been identified in Ethereal
"which could be exploited by remote attackers to compromise a vulnerable
system or cause a denial of service."
28:05 -0700
From: "Eichert, Diana" <[EMAIL PROTECTED]>
To: ober <[EMAIL PROTECTED]>
Subject: RE: question related to Ethereal 10.14 port
3.8, running as root.
diana
-Original Message-
From: ober [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 5:24 PM
To:
OK the ownership issue is fixed.
http://www.linbsd.org/ethereal.tgz
-Ober
On Tue, 3 Jan 2006, ober wrote:
I have added the updates to create/use user _ethereal.
Also I have made use of much stricter priv dropping.
It now does all 3 states of uid/gid -> _ethereal.
You will need to chown _ether
I have added the updates to create/use user _ethereal.
Also I have made use of much stricter priv dropping.
It now does all 3 states of uid/gid -> _ethereal.
You will need to chown _ethereal /usr/local/var/_ethereal for now
as the package is not setting it right.
Also once you capture, the proces
fying the port I wrote for 0.10.12:
http://marc.theaimsgroup.com/?l=openbsd-ports&m=112616679314867&w=2
On 12/28/05, ober <[EMAIL PROTECTED]> wrote:
OK I have put together instructions for compiling ethereal 0.10.14 on
-current/3.8.
In the included patch I have added code to etherea
The proper URL is http://www.linbsd.org/ethereal_on_openbsd38.html
Sorry for the mistake.
-Ober
-- Forwarded message --
Date: Thu, 29 Dec 2005 00:25:15 -0600 (CST)
From: ober <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Ethereal 0.10.14 howto. Now with nobody suppo
OK I have put together instructions for compiling ethereal 0.10.14 on
-current/3.8.
In the included patch I have added code to ethereal, and tethereal to
change call setuid(uid_t nobody) after the capture device has been opened.
So once a capture has been made, the dissectors won't be ru
because I'm anal)
2005/12/12, Joachim Schipper <[EMAIL PROTECTED]>:
On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
Hello misc,
Has someone compiled the ethereal? If so, you do can help me.
When I try to compile that source I get a message that I don't have the
(Fixed posting order, just because I'm anal)
> >2005/12/12, Joachim Schipper <[EMAIL PROTECTED]>:
> >>
> >>On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
> >>>Hello misc,
> >>>
> >>>Has someone compiled t
hank's for the hint man. I will not install this pkg.
Thank's again.
2005/12/12, Joachim Schipper <[EMAIL PROTECTED]>:
On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
Hello misc,
Has someone compiled the ethereal? If so, you do can help me.
When I try to compi
Thank's for the hint man. I will not install this pkg.
Thank's again.
2005/12/12, Joachim Schipper <[EMAIL PROTECTED]>:
>
> On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
> > Hello misc,
> >
> > Has someone compiled the ethereal? If s
> Has someone compiled the ethereal? If so, you do can help me.
> When I try to compile that source I get a message that I don't have the
> GTK+2 and GLIB2 installed on my system, but I DO have they.
> So if anyone passed through this problem, please, HELP ME!!! =]
No, not fo
On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
> Hello misc,
>
> Has someone compiled the ethereal? If so, you do can help me.
> When I try to compile that source I get a message that I don't have the
> GTK+2 and GLIB2 installed on my system, but I DO have
Hello misc,
Has someone compiled the ethereal? If so, you do can help me.
When I try to compile that source I get a message that I don't have the
GTK+2 and GLIB2 installed on my system, but I DO have they.
So if anyone passed through this problem, please, HELP ME!!! =]
Hugs
--
Ricardo Lucas
root.
Same can be applied to ethereal for capture.
Every other condition of just reading traces files should not be done as
root.
I use OpenBSD because on the misc@ and tech@ mailing lists I get to see
more *'s-holes than a Turkish Customs Agent. -Ober
On Thu, 8 Sep 2005, Bruno Rohee
>>>>> "Bruno" == Bruno Rohee <[EMAIL PROTECTED]> writes:
Bruno> Capturing traffic by some other mean then analysing it with
Bruno> Ethereal under an unprivileged account might be safe,
Bruno> actually capturing an analysing traffic with Ethereal
Sebastian .Rother schrieb:
Jakob Schlyter schrieb:
On Thu, 8 Sep 2005, Matt Jibson wrote:
I believe that Ethereal has improved greatly since when it was
removed from
ports.
surely, but has security improved? does it have privsep? until that
has changed, ethereal will not come back
On Thu, Sep 08, 2005 at 03:10:41PM +0200, Sebastian .Rother wrote:
> >
> >surely, but has security improved? does it have privsep? until that
> >has changed, ethereal will not come back. sorry.
> >
> >jakob
>
>
> Then drop all ports!
> Has Gn
Jakob Schlyter schrieb:
On Thu, 8 Sep 2005, Matt Jibson wrote:
I believe that Ethereal has improved greatly since when it was
removed from
ports.
surely, but has security improved? does it have privsep? until that
has changed, ethereal will not come back. sorry.
jakob
Then drop
ed message --
Date: Fri, 5 Aug 2005 11:00:59 -0500 (CDT)
From: Ober Heim <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Howto for Ethereal on OpenBSD 3.7
Now before everyone goes off half cocked about 'ohh, I read that application is
insecure!' rant, be aware that process s
34 matches
Mail list logo
