Security Basics mailing list archives

Re: starting point


From: Alexandros Papadopoulos <apapadop () alumni cmu edu>
Date: Tue, 18 Apr 2006 17:21:46 +0300

On Friday 14 April 2006 10:30, nemanja.janic () gmail com wrote:
<snip>
> look for, and I'm not sure how to interpret what I see. Where do I
> start, what papers or books do I read, in order to better understand
> what Ethereal tells me when I look at the results of monitoring. I
> played with filters, and have grown comfortable with using them, as
> well as most of the options Ethereal gives me. I think I'm ready for

TCP/IP Illustrated, Volume 1 - Stevens

Will explain everything there is to see in a standard IPv4 network.

> the next step :) Any pointers to interesting filter strings, examples
> of normal and strange traffic would really be a great help.

<snip>

I think you're touching on the notion of a network IDS here. Have a look 
at snort.

-A
