Ethereal packet sniffer and (*.cap) capture files?????

05-04-2004, 03:51 AM
I want to view a certain capture file and see what's happening. I want to understand the attack and explain how the overlapping IP fragments are being used, but I have no clue.

Does anybody know anything about this or know more about it and can inform me on some information about this as to what is going on??? I have no idea how to know what is happening here in this file and was looking for some answers or a website that can teach me.

05-04-2004, 08:04 PM
Your question is very vague.
You want to know how to look at the .cap files? Just open them in Ethereal.
You want to know if you are being attacked? This could be very hard to determine.
You want to find out how to identify a particular attack when you know that it's in the .cap file? You need to understand how the attack works, then look for patterns/clues in the packets.

If it is just a homework exercise (network security course), then read as many sources about that attack as possible to gain an understanding.

If it is not, post the cap file here and maybe some of us can take a look and confirm.

Btw, if you are not trying to detect an attack programmatically by looking at the cap file, this topic does not belong in the programming section. Maybe a mod can move it to computer/pc discussions to give it more exposure?
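For the programmatic route mentioned in the reply above, here is an added example (not code from either poster) that flags overlapping IPv4 fragments in a capture. It assumes the .cap file is in classic libpcap format with an Ethernet link type and no VLAN tags; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def ipv4_fragments(pcap: bytes):
    """Yield (reassembly_key, start, end) for every IPv4 fragment in the capture."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")      # assumption of this example
    pos = 24                                               # skip the global header
    while pos + 16 <= len(pcap):
        caplen = struct.unpack_from(endian + "I", pcap, pos + 8)[0]
        frame = pcap[pos + 16 : pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                       # not IPv4 or truncated
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len, ident, frag = struct.unpack_from("!HHH", ip, 2)
        more, offset = bool(frag & 0x2000), (frag & 0x1FFF) * 8
        if not more and offset == 0:
            continue                                       # unfragmented datagram
        key = (ip[12:16], ip[16:20], ip[9], ident)         # src, dst, protocol, IP id
        yield key, offset, offset + total_len - ihl

def find_overlaps(pcap: bytes):
    """Return (ip_id, earlier_range, later_range) for each overlapping fragment pair."""
    seen, hits = defaultdict(list), []
    for key, start, end in ipv4_fragments(pcap):
        for s, e in seen[key]:
            if start < e and s < end:                      # byte ranges intersect
                hits.append((key[3], (s, e), (start, end)))
        seen[key].append((start, end))
    return hits

def _frag(ident, offset, more, payload):
    """Build one constructed pcap record: Ethernet + IPv4 fragment (checksum left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                     (0x2000 if more else 0) | (offset // 8), 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# Constructed capture: datagram 1 fragments cleanly; datagram 2's second fragment overlaps.
SAMPLE = (HEADER + _frag(1, 0, True, b"A" * 24) + _frag(1, 24, False, b"B" * 8)
          + _frag(2, 0, True, b"A" * 24) + _frag(2, 8, False, b"C" * 8))

if __name__ == "__main__": print(find_overlaps(SAMPLE))
```

In Ethereal, the same fragments can be inspected by hand by comparing the Identification, Fragment offset and Total Length fields of packets that share an IP id.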