From owner-freebsd-security Tue Dec 10 22:35:02 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id WAA21259 for security-outgoing; Tue, 10 Dec 1996 22:35:02 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id WAA21239 for ; Tue, 10 Dec 1996 22:34:55 -0800 (PST)
Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id RAA22676; Wed, 11 Dec 1996 17:04:37 +1030 (CST)
From: Michael Smith
Message-Id: <199612110634.RAA22676@genesis.atrad.adelaide.edu.au>
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
In-Reply-To: <199612110627.XAA00240@obie.softweyr.com> from Wes Peters at "Dec 10, 96 11:27:12 pm"
To: softweyr@xmission.com (Wes Peters)
Date: Wed, 11 Dec 1996 17:04:36 +1030 (CST)
Cc: msmith@atrad.adelaide.edu.au, security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Wes Peters stands accused of saying:
>
> Better yet, get some sort of sniffer package to run on another system.
> We use Ether Peek for Macintosh and Win95 at work, both seem to work
> well. In addition to *not* opening up your important machines to hack
> attacks, such a tool will also let you look at non-IP activity, bare
> ethernet activity, and let you examine the output of a machine that
> seems to be going sick in the ether adapter.

Tcpdump does all this and lots more; the filter language is pretty
powerful. The fact that it knows how to interpret lots of protocols and
that you can extend it (courtesy of the source and an easy internal
interface) puts it over anything else I've seen yet.

> Wes Peters
> Softweyr LLC

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control.         (ph) +61-8-8267-3493            [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[