How can i filter out banner grabbing activities on pcap file ? Should it be on port 80 or 25 ? asked 20 Dec '16, 19:05  doran_lum |
One Answer:
Presumably "banner grabbing" means inspecting the responses from servers such as http or smtp to determine what info the server sends in response to a connection (hint: the servers can pretty much send whatever they like). If this is the case then use the port (or protocol) filter appropriate for the protocol, e.g. 80 for http (or it might be 8080 or something else entirely) or 25 for smtp. answered 21 Dec '16, 02:21  grahamb ♦ |
