Re: Difference between Protocol Analyzers -> Packet Sniffers

From: Thomas Ptacek (tqbf_at_arbor.net)
Date: 03/29/04

    Date: Sun, 28 Mar 2004 23:52:22 -0500
    To: Eric Hines <eric.hines@appliedwatch.com>
    
    

    On Mar 25, 2004, at 11:32 AM, Eric Hines wrote:
    > I've only been able to articulate that Protocol Analyzers can conduct
    > protocol decoding, whereas Tcpdump can not... Ethereal can provide
    > information on the different fields of the HTTP header and SSL
    > fields.... stuff like that.. Anyone

    The majority of the code in tcpdump is protocol decodes.

    ---
    Thomas H. Ptacek // Product Manager, Arbor Networks
    (734) 327-0000