Ethereal

[Ethereal-users] Welchia FIlter
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: September 2004


NB: This email and its contents are subject to our email legal notice which can be viewed at http://www.sars.gov.za/Email_Disclaimer.pdf

Should you be unable to access the link provided, please contact our offices for a copy of the legal notice at 0860 12 12 14 or 27 012 422 6301



Guys,

 

I came a cross an article published by Jon Waller regarding Welchia signatures.

 

He published the following filter that will filter the “Welchia Payload”

 

icmp && icmp[0] = 8 && ip[40:4] = 0xaaaaaaaa

 

I tried this, but it seems incorrect…The icmp type must be 8 and the payload must 0xaaaaaaaa

 

I’m running Ethereal 0.10.6….Please help !!!!!!!!!!!!!!

 

Thanx

 

Jacques

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.