
From: Matt Scarborough (vexversaUSA.NET)
Date: Fri Apr 13 2001 - 15:04:02 CDT

    On Wed, 11 Apr 2001 16:41:37 -0600, Kristofer Magstadt <MagstadtMCN.NET>
    wrote:

    >ok i was attacked both with trojans and dos'ed for 5 hours last night and
    >one of my firewalls that i use, well 1 of the 3, blackice, puts all its logs in
    >.enc format. could someone tell me how or where to get a program to open that
    >file

    Try opening Black Ice evidence files ( evd<yyyyMMdd-XX>.enc ) with
    Microsoft's Network Monitor or NAI's Sniffer.
    http://advice.networkice.com/advice/support/kb/q000016/default.htm
    Also NetXray will open them after using the XRayfix utility.
    http://advice.networkice.com/advice/support/kb/images/xrayfix.exe

    Ethereal is one free alternative that will open the BID evidence files.
    http://www.ethereal.com/

    Editcap, within the Ethereal distribution, can convert BID's .ENC files to
    Snoop, or the ubiquitous TCPDump formats (including RedHat and SuSe LibPcap,
    et al.), using, for WIN32:
    editcap -Frh6_1libpcap -Tether -v evd20010412-03.enc rhv6-1.cap

    Matt 2001-04-13

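Added example, not part of Matt's post or of the Ethereal project: a POSIX shell script that batch-converts BlackICE evidence files to libpcap with the editcap invocation quoted above, leaving the original evidence files untouched and never overwriting an existing .cap. It assumes editcap is on PATH and that the `-F rh6_1libpcap -T ether` values from the post are accepted by the installed editcap version; the function names `outname_for` and `convert_all` are hypothetical, and the `evd<yyyyMMdd-XX>.enc` naming pattern is the one given in the post.

```shell
#!/bin/sh
# Batch-convert BlackICE Defender evidence files (evd<yyyyMMdd-XX>.enc) to
# libpcap with editcap. Assumes editcap is on PATH; the -F/-T values are the
# ones from the post above (check `editcap -h` on your version).

# outname_for FILE: print the libpcap file name for one evidence file, or
# return 1 when the name does not follow the evd<yyyyMMdd-XX>.enc convention.
outname_for() {
    base=${1##*/}                       # strip any directory part
    case "$base" in
        evd[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9].enc)
            printf '%s\n' "${base%.enc}.cap"
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# convert_all DIR: convert every evidence file in DIR (default: current
# directory). The originals are read only, so the evidence is preserved, and
# a .cap that already exists is never overwritten.
convert_all() {
    dir=${1:-.}
    for f in "$dir"/evd*.enc; do
        [ -e "$f" ] || continue         # glob matched nothing
        out=$(outname_for "$f") || { echo "skipping unexpected name: $f" >&2; continue; }
        if [ -e "$dir/$out" ]; then
            echo "already converted: $f" >&2
            continue
        fi
        editcap -F rh6_1libpcap -T ether -v "$f" "$dir/$out"
    done
}
```

Run `convert_all /path/to/blackice/logs` after sourcing the script; the resulting .cap files open in Ethereal or tcpdump.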