[13175] in bugtraq
Re: Analysis of "stacheldraht"
daemon@ATHENA.MIT.EDU (Jordan Ritter)
Fri Dec 31 20:03:12 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9912311430180.3058-100000@demerol>
Date: Fri, 31 Dec 1999 14:34:52 -0500
Reply-To: Jordan Ritter <jpr5@DARKRIDGE.COM>
From: Jordan Ritter <jpr5@DARKRIDGE.COM>
X-To: Dave Dittrich <dittrich@CAC.WASHINGTON.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GUL.4.21.9912301323250.20803-100000@red5.cac.washington.edu>
# Programs like "ngrep" do not process ICMP packets, so you will not as
# easily (at this point in time) be able to watch for strings in the data
# portion of the ICMP packets (except using the patches to tcpshow from
# Appendix C and patches to sniffit provided in the analysis of TFN).
The latest version of ngrep (1.35) does in fact match ICMP, and has been out
for some time now.
--jordan
