We have a large network and are currently going through the process of becoming PCI compliant. We use a leading performance management tool that has distributed sniffing capabilities. They are about to deliver to us the capability of globally limiting captures on specific ports, URLs, or IP addresses for network segments known to carry credit card data to everything but the payload itself (even though encryption is used).
Many of us also love to use Wireshark for troubleshooting problems. The question was posed whether Wireshark can be limited in similar ways. Of course all of this is policy driven, as a rogue admin with access to specific systems would surely be able to fire up his own unrestricted copy. So assume that this will be used by network administrators who want to follow policy and use the approved tools. My thoughts were implementing something at the pcap level so all of my favorite tools that use pcap will become acceptable.

I know this probably seems like a really dumb question to most, and I have thought of many things that would make this very difficult to implement. Future updates would become a nightmare (unless the capability was implemented in the official release). I guess I am interested to hear if any of you have had to deal with PCI compliance and if there is a better approach to this. I don't want to lose my favorite tools (I don't know that I will at this point, but I think there is great potential for it). Visions of nailing Jello to a tree keep popping into my mind for some reason.

Thanks for any input on this!

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
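One way to get the "everything but the payload" behaviour the post asks for at the pcap level, as an added example that is not from the post or from Wireshark: a small Python rewriter that keeps every Ethernet/IPv4/TCP header in a libpcap file but cuts the TCP payload of any packet touching a PCI port, shrinking incl_len while preserving orig_len exactly as a capture snaplen would, so pcap-based tools still open the file. The port list (443 and 8443), the constructed two-packet sample and all function names are assumptions made for this example.

```python
import struct

PCI_PORTS = {443, 8443}  # constructed policy: TCP ports whose payload is never retained

def strip_tcp_payload(frame):
    """Cut an Ethernet/IPv4/TCP frame after the TCP header if it touches a PCI port.
    Headers stay intact (addresses, flags, timing remain usable); other frames pass."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return frame                                   # not IPv4 over Ethernet, or not TCP
    tcp_off = 14 + (frame[14] & 0x0F) * 4              # Ethernet + IPv4 header (with options)
    if len(frame) < tcp_off + 20:
        return frame
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    if sport not in PCI_PORTS and dport not in PCI_PORTS:
        return frame
    return frame[:tcp_off + ((frame[tcp_off + 12] >> 4) & 0x0F) * 4]  # keep TCP options too

def sanitize_pcap(data):
    """Rewrite a little-endian libpcap (DLT_EN10MB) file so PCI payload is not kept.
    incl_len shrinks, orig_len is preserved: the same convention a capture snaplen uses."""
    if data[:4] != b"\xd4\xc3\xb2\xa1" or struct.unpack("<I", data[20:24])[0] != 1:
        raise ValueError("expected a little-endian libpcap file with Ethernet frames")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack("<IIII", data[pos:pos + 16])
        kept = strip_tcp_payload(data[pos + 16:pos + 16 + incl])
        out += struct.pack("<IIII", ts_sec, ts_usec, len(kept), orig) + kept
        pos += 16 + incl
    return bytes(out)

def packet_records(data):
    """(incl_len, orig_len) per packet, to verify what a sanitized file still holds."""
    recs, pos = [], 24
    while pos + 16 <= len(data):
        incl, orig = struct.unpack("<II", data[pos + 8:pos + 16])
        recs.append((incl, orig))
        pos += 16 + incl
    return recs

def _tcp_frame(sport, dport, payload):
    """Constructed minimal frame: zero MACs, 10.0.0.1 -> 10.0.0.2, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

# Constructed sample capture: one HTTPS flow (PCI port), one SSH flow.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 1, 0, len(f), len(f)) + f
    for f in (_tcp_frame(51000, 443, b"cardholder data"), _tcp_frame(51001, 22, b"ssh banner")))
```

Running sanitize_pcap over a real file is a post-capture step; the capture itself still needs a snaplen or capture filter on the sniffing host if the payload must never reach disk.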
