On 11/25/05, Roy Morris <[EMAIL PROTECTED]> wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > Matthew Graham
> > Sent: Friday, November 25, 2005 2:24 PM
> > To: misc
> > Subject: Network Analyzer
> >
> >
> > I am fairly new to OpenBSD with significant experience with Linux. I'm
> > considering switching some of our infrastructure based systems to
> > OpenBSD because of the security reputation and ease of updates.
> >
> > One of the intended boxes is a network monitor that will go inline
> > between a host and an Ethernet switch. I've configured a transparent
> > bridge and it works great. The ease of this alone is impressive.
> >
> > One utility I'm used to using for monitoring is Ethereal. I've seen all
> > of the comments from the OpenBSD user community and understand why it's
> > no longer available through ports. Does anyone know of a similar tool
> > that will work well with OpenBSD and is also secure? I need more
> > information in human readable form than I can get from tcpdump or
> > sniffit.
> >
> > Thanks for any advice anyone can give.
> >
>
> I just want to be sure you consider the difference between
> capturing and viewing. You can, as I do, capture all your packets
> using tcpdump and review them off the box using ethereal as
> you normally would. Have you considered that option? I mean on
> an alternate OS.

Well the biggest problem is that you are still viewing the capture of
the potentially bad traffic that could still do things to Ethereal.
It's no different than if you were just running Ethereal, unless you
stress to do it as an unprivileged user, since Ethereal's biggest
problem is doing too much as root. Make sure to run Ethereal against
the captured data as an _unprivileged_ user and you should be OK.

Jason
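
The capture-on-one-box, view-elsewhere-as-an-unprivileged-user workflow discussed in this thread, as an added example that is not part of the original messages. The wrapper name, the `VIEWER` variable, the `<iface>` placeholder and the pcap magic check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# On the capture box, packets are only written to disk, never dissected:
#   tcpdump -i <iface> -w capture.pcap      # <iface> is a placeholder
# The file is then copied to a separate machine, where this wrapper opens it.

VIEWER=${VIEWER:-ethereal}   # assumption: the analyzer accepts "-r <file>"

# Succeeds when the file starts with a classic libpcap magic number
# (either byte order), so the analyzer is only handed a capture file.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# may_analyze UID FILE
# returns 0 = go ahead, 1 = caller is root, 2 = FILE is not a capture file
may_analyze() {
    [ "$1" -ne 0 ] || return 1
    is_pcap "$2" || return 2
    return 0
}

main() {
    rc=0
    may_analyze "$(id -u)" "$1" || rc=$?
    case "$rc" in
        1) echo "refusing to run $VIEWER as root" >&2; exit 1 ;;
        2) echo "$1: not a pcap capture file" >&2; exit 2 ;;
    esac
    # Replace the shell with the analyzer, still running as the unprivileged user.
    exec "$VIEWER" -r "$1"
}

# Only act when given a file argument, e.g.: sh view_capture.sh capture.pcap
[ "$#" -eq 0 ] || main "$@"
```

Running the analyzer under a dedicated account with no access to other data on the viewing machine limits what a dissector bug triggered by hostile traffic can reach.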
