Re: [Sguil-users] Ethereal on Sguil
From: Joe <js....@gm...> - 2007-02-28 22:23:41

jud...@as... wrote:
>
> Greetings,
>
> Now that Ethereal has been repackaged as Wireshark, do I need to do
> anything different when pointing the conf file to it?
>

Make sure you run an updated version of Wireshark, since its protocol decoders have a security record like that of wu-ftpd. In other words, you can be owned just by sniffing "bad" traffic. I've yet to visit a network admin's workstation that was running an up-to-date version of Wireshark. Most still run Ethereal...LOL. Ethereal hasn't been fixed since April 2006 and there have been 4 releases of Wireshark since Ethereal development ended...all of which are security related.