> One utility I'm used to using for monitoring is Ethereal. I've seen all
> of the comments from the OpenBSD user community and understand why it's
> no longer available through ports. Does anyone know of a similar tool
> that will work well with OpenBSD and is also secure? I need more
> information in human readable form than I can get from tcpdump or
> sniffit.

It is super dangerous. It went through a period of I think about 30 remote code running bugs in a few months, but bugs are always being found. It is very difficult to write 100% correct packet parsing code. Errors will be made. And exactly where you cannot afford them.

For this reason, we audited tcpdump. Then we realized that errors would still be made, and we then privilege separated it, so that the nasty code runs in a jail. The same approach could be taken by other projects towards their code, but yes, it is a fairly difficult chunk of code to write.

In general we supply our user community with any tool they might want. But ethereal was becoming something so often used, so often used poorly, and so often used without any awareness as to how great the risk was. We felt we had to do something, and thus we deleted it.

You can compile it up yourself. Right now, though, it is amongst the most dangerous pieces of software people are running. It is your choice.
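
The privilege separation pattern mentioned in the reply above, as an added sketch that is not part of the original message and is not OpenBSD's tcpdump code: the packet parser runs in a child process that chroots and drops privileges before it reads any packet bytes, and the parent accepts only a fixed-size result. The function names, the "nobody" id 65534 and the temporary jail directory under /tmp are assumptions made for the example.

```c
#define _DEFAULT_SOURCE          /* chroot(), setgroups(), mkdtemp() on glibc */
#include <grp.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define UNPRIV_ID 65534          /* assumed "nobody" uid/gid */
struct summary { int ok; uint8_t proto; uint16_t total_len; };

/* The risky part: decode an IPv4 header, validating every length before use. */
static struct summary parse_ipv4(const uint8_t *p, size_t n) {
    struct summary s = {0, 0, 0};
    if (n < 20 || (p[0] >> 4) != 4) return s;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t tot = (size_t)p[2] << 8 | p[3];
    if (ihl < 20 || ihl > n || tot < ihl || tot > n) return s;
    s.ok = 1; s.proto = p[9]; s.total_len = (uint16_t)tot;
    return s;
}

/* Child: when root, enter an empty chroot and drop ids first. Fails closed. */
static void jailed_parser(int fd, const char *jail) {
    gid_t g = UNPRIV_ID;
    if (geteuid() == 0 && (chroot(jail) || chdir("/") || setgroups(1, &g) ||
                           setgid(g) || setuid(UNPRIV_ID)))
        _exit(1);
    uint8_t buf[2048];
    ssize_t n = read(fd, buf, sizeof buf);
    struct summary s = parse_ipv4(buf, n > 0 ? (size_t)n : 0);
    _exit(write(fd, &s, sizeof s) == (ssize_t)sizeof s ? 0 : 1);
}

/* Parent: never parses; sends raw bytes, accepts only a fixed-size reply. */
int privsep_parse(const uint8_t *pkt, size_t len, struct summary *out) {
    char jail[] = "/tmp/jailXXXXXX";
    int sv[2], rc = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = mkdtemp(jail) ? fork() : -1;
    if (pid == 0) { close(sv[0]); jailed_parser(sv[1], jail); }
    close(sv[1]);
    if (pid > 0 && send(sv[0], pkt, len, MSG_NOSIGNAL) == (ssize_t)len &&
        shutdown(sv[0], SHUT_WR) == 0 &&
        read(sv[0], out, sizeof *out) == (ssize_t)sizeof *out)
        rc = 0;
    close(sv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    rmdir(jail);
    return rc;
}
```

Run without root, the child skips the chroot and id drop but the process boundary still applies; a return of -1 means the child did not deliver a complete reply.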

