
Re: UDP and data retention




This is off-topic, but isn't UDP making data retention more difficult
than TCP/IP?

I don't see how ..

"tcpdump -s 1514 -w evidence.pcap ip proto \\udp"

is any harder than ..

"tcpdump -s 1514 -w evidence.pcap ip proto \\tcp"

Now I guess you could rig a communications "network" that dealt entirely in header-source forged UDP packets, but as best practices dictate (not that everybody follows them) .. one should filter egress of packets with a source address not within your netblock.

Cheers,

Michael Holstein
Cleveland State University
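
As an added example (not part of the original message): a check over a capture like the evidence.pcap above that lists the UDP packets whose source address lies outside the local netblock, i.e. the traffic an egress filter would drop. The netblock 192.0.2.0/24, the function names and the sample capture are constructed assumptions.

```python
import ipaddress
import struct

# Assumed local netblock (documentation range), not from the original message.
LOCAL_NETBLOCK = ipaddress.ip_network("192.0.2.0/24")

def build_sample_pcap():
    """Constructed capture: two Ethernet/IPv4/UDP frames, one per source address."""
    def frame(src, dst):
        udp = struct.pack("!HHHH", 40000, 53, 8, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        return b"\x00" * 12 + b"\x08\x00" + ip + udp
    # Classic pcap global header, little-endian, linktype 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    for f in (frame("192.0.2.10", "198.51.100.5"), frame("203.0.113.77", "198.51.100.5")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def udp_sources_outside_netblock(pcap_bytes, netblock):
    """Return source IPs of UDP packets that an egress filter for netblock would drop."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    flagged, offset = [], 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])[2]
        pkt = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need a full Ethernet + IPv4 header, EtherType IPv4, version 4, protocol 17 (UDP).
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue
        if pkt[14] >> 4 != 4 or pkt[23] != 17:
            continue
        src = ipaddress.ip_address(pkt[26:30])
        if src not in netblock:
            flagged.append(str(src))
    return flagged

if __name__ == "__main__":
    print(udp_sources_outside_netblock(build_sample_pcap(), LOCAL_NETBLOCK))
```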