> > How is that better, really? Run tcpdump or ettercap... Either of the > > tools are off the shelf. > > And if the site is using a self-signed cert, how does a 3rd party tcpdump > manage to get a *decrypted* datastream? Yes, you can still do traffic > analysis > on the "X talked to Y with packet sizes A, B, and C" level, but you can't > look at the data.
You're missing the point of my comment: Plaintext communication => use tcpdump Encrypted without a cert => use ettercap (or something similar) Is there really a non-constant difference in difficulty? tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
