[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Thunderbird & Gmail



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/10/08 01:09, Jonathan Addington wrote:
> With Wireshark you can filter by port. 
..
> To address the above, filter by ports, and then by your IP inside the
> packet 

Sure, filters make it easier finding stuff when you know what to look
for, but I'm not sure that's the case here. In an analysis like this we
are much more interested that which we had not anticipated. For example,
what if Thunderbird leaked DNS requests? Filtering away all but POP and
SMTP would then hide this for us.

We're not dealing with huge amounts of packets here really, perhaps a
couple of hundreds of packets at most. That's a piece of cake to go
through and will make the analysis more complete and thorough. IMHO,
when dealing with these kinds of issues filtering comes in when that's
not a realistic option.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkjr/NAACgkQp8EswdDmSVjMrwCfT2aJ7j7Cko2HhYIItj35gmrK
VW4AoOjIfgtkSPrgghm9yusAz+137GSg
=xWB4
-----END PGP SIGNATURE-----