Old 10-06-2004, 23:22   #7
MetaWraith
Re: Getting "probed" by NTL customers.....

Extract from http://www.iss.net/security_center/a...14/default.htm

The Packet Log and Evidence Log features of BlackICE generate files with the extension ".enc". These ".enc" files contain actual network traffic and in the case of evidence files, they contain traffic that was part of the detected attacks. These files are not readable by normal text editor programs, such as Notepad, but must instead be decoded by standard protocol analyzer programs (sniffers) that network technicians typically use to analyze network traffic.

You can find sniffers (protocol analyzers) to read the packet log and evidence log files at the following web sites:

That said, you can read some of the log in text editors like Notepad, but not much of it will make sense unless some plain text was included in the packet that triggered the capture.