
best way to snarf every packet crossing the wire / aether



Let's say, hypothetically, that I'm going to a large, chaotic security
conference somewhere in the United States' glorious and decadent
Southwestern republics in a few days' time. Further, let's stipulate
that folks will be doing lots of interesting things on the network
there that I might want to look at later, including but not confined
to reducing my computer to a heap of smoldering rubble. I'm hardly
going to have the time to analyze all of that interesting gubbidge in
real-time, but it sure would be nice if I had some way of filling up
this brand spanking new 20GB theoretical hard drive in my hypothetical
laptop with snarfed packets. Mmm.... packety goodness.

What's the best way to accomplish this? An init.d script that starts a
tcpdump capture for each reboot? I don't think so, largely because
tcpdump has had some security holes punched in it recently and holes
could get punched in it again by the wily and hackerly crowd I'm going
to be mingling with. Ethereal's even more complicated than tcpdump.
Tcpflow, maybe? I don't really care, as long as the captured packets
are in libpcap format on disk. Anyone got any good suggestions? All
help gratefully appreciated.

yours,
Forrest Norvell

-- 
       . . . the self-reflecting image of a narcotized mind . . .
ozymandias G desiderata     ogd@aoaioxxysz.net     desperate, deathless
(415)558-9064        http://www.aoaioxxysz.com/          ::AOAIOXXYSZ::

