What exactly are you looking for? I have pcaps from intentionally
bot-infected lab machines, would that help? Feel free to contact me
off-list.
Tillmann
--
Tillmann Werner              University of Bonn
Phone: +49 (228) 2699-160    Institute of Computer Science IV
Fax: +49 (228) 73-4571
No, but it sounds like you are using Linux and your kernel's raw socket
interface does not support PF_PACKET. Maybe that helps.
Tillmann
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Hi Robert,
you somehow have to make sure that the kernel doesn't deal with packets
you want to take care of. If you don't, it will reset TCP connections
and reply with ICMP port unreachable messages to UDP datagrams etc. I
don't think there is a portable way to do this. Linux supports hooking
its