On Mon, Jul 14, 2008 at 8:26 AM, Matt Jonkman <jo...@jo...> wrote:
> Wow, that's an interesting tool (says the guy with 40k pcaps he can't share
> for privacy)
>
> few thoughts:
>
> 1. Does this thing effectively handle netbios IP addresses? (Names not so
> important)
>
> 2. How does it handle things like the user visiting showmyip.com? Can it
> recognize and strip/replace that returned IP?
>
> As for how to verify, a hex-level search for the IP address and/or machine
> name ought to be a good first step. Would need to verify that there aren't
> any gzip'd posts that might contain info, etc.
>
> Matt
>
So this just occurred to me... consider the amount of parsing needed
to find some or all of that. Wait, we have a tool with protocol
dissectors -- Wireshark. Is there some way to combine a tool like
PktAnon with the dissectors of Wireshark?
Richard
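
The verification Matt describes above (a hex-level search for the IP address and machine name, plus a look inside gzip'd content), written out as an added example; it is not code from either message or from PktAnon. The function names, the address `192.0.2.77`, the host name `WKSTN-042` and the sample buffer are all constructed for illustration.

```python
import gzip
import socket
import zlib

def needles(ip, hostname):
    """Byte patterns under which the address or machine name may survive."""
    padded = hostname.upper().encode("ascii").ljust(15, b" ")[:15]
    return {
        "ip-ascii": ip.encode("ascii"),
        "ip-raw": socket.inet_aton(ip),  # 4 bytes, network order
        "host-ascii": hostname.lower().encode("ascii"),
        "host-utf16le": hostname.lower().encode("utf-16-le"),
        # NetBIOS first-level encoding (RFC 1001): each nibble + 'A'
        "host-netbios": bytes(c for b in padded for c in (65 + (b >> 4), 65 + (b & 15))),
    }

def find_all(hay, pat):
    i = hay.find(pat)
    while i != -1:
        yield i
        i = hay.find(pat, i + 1)

def gunzip_at(data, off, limit=1 << 20):
    """Inflate the gzip member at off; keep partial output if the stream breaks."""
    d, out = zlib.decompressobj(wbits=31), bytearray()
    for i in range(off, len(data), 512):
        try:
            out += d.decompress(data[i:i + 512])
        except zlib.error:
            break
        if d.eof or len(out) > limit:
            break
    return bytes(out)

def scan(data, ip, hostname, where="raw"):
    """Return (where, pattern, offset) hits; looks once inside gzip members."""
    hits, low = [], data.lower()
    for name, pat in needles(ip, hostname).items():
        hay = low if name in ("host-ascii", "host-utf16le") else data
        hits += [(where, name, off) for off in find_all(hay, pat)]
    if where == "raw":
        for off in find_all(data, b"\x1f\x8b\x08"):
            hits += scan(gunzip_at(data, off), ip, hostname, f"gzip@{off}")
    return hits

# Constructed sample: request headers followed by a gzip'd "show my IP" reply.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
          + gzip.compress(b"Your IP is 192.0.2.77 (WKSTN-042)", mtime=0))
```

A gzip body that spans several packets is interrupted by packet headers in a raw capture file, so reassemble the stream payload before passing it to `scan` if the partial output is not enough.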