Path: utzoo!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!hplabs!ucbvax!LINDY.STANFORD.EDU!hjs
From: hjs@LINDY.STANFORD.EDU (Harry Saal)
Newsgroups: comp.protocols.tcp-ip
Subject: Does anyone have packet traces taken during Viral spread phase?
Message-ID: <8811141442.AA05939@ucbvax.Berkeley.EDU>
Date: 9 Nov 88 09:16:27 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 13

I would be very interested in receiving any network packet traces taken while the recent worm hopped about and (re)infected multiple machines connected by LAN connections/routers. We would like to see to what degree the externally visible network traffic stood out from the "normal" traffic. The goal would be to be able to provide earlier warnings of anomalous behaviour than having a system choke itself to death, and then try to take action.

For example, I am interested in any observations as to whether average activity took a nose dive (as other processes clogged up) or increased (due to the aggressive attempts to spread itself).

Any formats of actual traces are of interest (assuming they are described in some .h file-like fashion somewhere).