tcpdump mailing list archives

Re: about this mailing list


From: Michael Bernstein <mb_jobs () yahoo com>
Date: Thu, 12 Jun 2008 22:57:25 -0700 (PDT)

Hey Guy - I respect your talents and devotion, an MIT graduate. That's great, because I could never get into that 
college, except I make more money than you. MIT sucks, if you don't do anything with it, that pays. Example = Scott 
Morris 4x CCIE & JNCIE, MIT sucks compared to him!!! I could put you in touch with him for some advice. :)

I know about PCRE. I worked for NetSec as a security analyst, bought by MCI/VZB for 105 million cash. I've worked with 
the best of the best (while you were attending college at MIT) including Dan F. who finds the new threats like the AOL 
IM worm, reverses them in 15 minutes, and then hides from cameras when the News Channels come, even still in suit & 
tie b/c he doesn't want to expose himself to blackhats - he was a Linux developer for the Alpha platform. The DDoS 
prevention group, Service provider based on Juniper T series ISIS topologies, use BPF filters b/c all they are 
concerned about are floods and high speed packets. They don't use PCRE, because they can write their own code around 
BPF b/c flood traffic is expected. It's about how you divert it, send it through a GRE tunnel & end it, and contain it 
in a remediation network for reverse engineers to analyze for new trends and new code, protect customers (something 
worthwhile). I wasn't talking about lame IDS signatures. Bring up a better subject like anomaly detection and mathematics.

IPS sucks. It's "high risk high reward" or actually a low reward for the risk, and should never be used, only for the 
most naive small business. I've seen it cause millions of dollars of loss. IPS is NOT good period. The leader is 
TippingPoint, a 3com company, what a resurgence! Good for them to stand up to Cisco and Juniper giants! While you 
"GUY"s are on the sidelines, pun not intended :) Buy a Firewall and start an MSSP if you're that good!!! Call it "GUY"s 
network! :) priorities include "finding about how TCPdump works" :) from MIT

I respect TCPdump for having the most native abilities to capture raw traffic. Wireshark is good too, especially since 
you can plug-in a TACACS+ key and have it decrypt the traffic. But that's about it. Who cares about what bits are set 
in IP header, oh, you're too kernel level to care? If you design the next traffic protocol analyzer, or patent or a 
product around it then I'll give you some credit. Call it "GUY"s protocol analyzer.

Obviously, you guys are kernel-level developers, understanding system calls and all that stuff. How does that really 
benefit you, or your career? Not much. You're not going to make as much as a CCIE like myself. Not really. But you do 
it because you love it and it's your passion. I get bored when I try and read a useful thread.

One thing I like is when engineers argue over who is better. I have obviously lost this argument *here*, so I should 
maybe leave the list? You guys are obviously smarter than me. I can't figure it out. What's the goal here? 

Do you expect your recommendations to be released in the latest TCPdump binary? 

My problem is I can't figure out why the -G option doesn't work when I compile under BSD. Do I need to compile it under 
Linux to have the -G option work - it still doesn't? tcpdump 3.9.8 doesn't work as the man page says. What does 
./configure produce, who cares.

Thanks bro. I don't mean to doubt you. I never wanted to be a CCIE. But that's just where my career began. It's stupid 
b/c you guys are probably smarter than any CCIE. So why didn't you choose that path to making money? I can understand 
if you made the money, and then went on to pursue those things that make you "tick". But most of you probably are 
worthless computer geeks. I'm a geek at least I get paid for it and invest my time in things that make sense. I'm an 
asshole. Ever watch the TV series HOUSE? 

Maybe you have a different weird uncanny agenda. That's fine. I respect it. But why? Why waste your time. We all want 
to achieve. Guy, I bet you're not even a lead TCPdump developer. Why. Maybe you should take a different path that leads 
you to success. Am I making any sense. That diploma from MIT sucks, because you don't do anything with it. Why don't 
you develop Internet3 instead of talking in dead mailing lists.

I really have no one to lash out at tonight so that's the reason I like to pick on an MIT graduate. :) What 
makes you tick. For this? Is it that great. I heard about you.

Bernstein, CCIE Security, CCNP, JNCIS, GSEC, GCFW, GCIA, GCIH, CISSP, PMP, IAM, CCSE+, SCSA, CNE+, MCP, BCs.

- if you have any questions about internetworking send them my way. I'm really not a jerk. Just a bad day... :>) 
And anyway, GUY can't answer them cause he's the "Lead Kernel developer for TCPdump". A bigger winner here!

GUY - So why doesn't the -G option work? Yeah wireshark is network protocol analyzer - buy a fluke box for 30k if 
you're that interested in responses and interpreting them? How about explaining what type of response you want from a 
sniffer? How can it be useful? How about a response that says, what the hell do you want from me, a better packet 
sniffer? Excellent! What do you know about Voice or SCCP? Do you know about IP Telephony probably not cause you have your 
nose stuck in how does TCPdump work? Who cares if you can't relate it to modern day networks? Get that Alpha or VMS 
platform working with TCPdump. That's lame. Get a Linux box loser.

Sorry for being an ass, but really, I'm a jerk. I don't dislike anyone here. I just like to find out what makes you 
"tick"? Go get a CCNP or CCIE and you'll have a higher ROI.

So Guy, you think you're better b/c you graduated from MIT. MIT sucks if you didn't develop Kerberos. Get a life. Why 
don't you learn something about TAG Stacking or QinQ. Something more interesting than a mailing list that says 
"why doesn't TCPdump work for VMS." Get modern loser. Go get a job at J&J.

I'll wait on a response from an MIT loser who probably is from China and doesn't abide by Copyright laws, b/c he can't 
invent anything.

--- On Thu, 6/12/08, Guy Harris <guy () alum mit edu> wrote:
From: Guy Harris <guy () alum mit edu>
Subject: Re: [tcpdump-workers] about this mailing list
To: tcpdump-workers () lists tcpdump org
Date: Thursday, June 12, 2008, 6:35 PM

On Jun 12, 2008, at 2:56 PM, Eloy Paris wrote:

> However, other applications may want to do more than capturing,
> dissecting, and presenting results, like capturing packets and then
> taking some action, like sending a response back, or performing some
> type of analysis that tcpdump and wireshark can't do. Other
> applications
> may even want to do less than tcpdump and wireshark do.

For example, it might barely be possible to try to make Wireshark into
an intrusion detection system, but you probably won't like the IDS you
get from that exercise; Wireshark is designed as a network analyzer
for a human to use, not as an IDS checking for intrusion-style
problems in the background.  It does more than an IDS needs in some
cases, and less than an IDS needs in others.

Snort and Bro, for example, are IDSes that use libpcap.

> See http://www.tcpdump.org/related.html for a list of related
> projects,
> some of which use libpcap for some function.

And see the Wikipedia page for libpcap and its Windows port WinPcap:

        http://en.wikipedia.org/wiki/Pcap

for some other programs that use libpcap/WinPcap.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
