Ethereal-dev: RE: [ethereal-dev] Sniffing FAQ

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Fulvio Risso" <risso@xxxxxxxxx>
Date: Mon, 19 Jun 2000 08:37:26 +0200
Hi.
Just a note: the porting of tcpdump on Windows is at

    http://netgroup-serv.polito.it/windump/

instead of 

    http://netgroup-serv.polito.it/analyzer/

Cheers,

	fulvio

> -----Original Message-----
> From: owner-ethereal-dev@xxxxxxxx [mailto:owner-ethereal-dev@xxxxxxxx]On
> Behalf Of Guy Harris
> Sent: Sunday, June 18, 2000 09:20
> To: ethereal-dev@xxxxxxxx
> Subject: [ethereal-dev] Sniffing FAQ
> 
> 
> 	http://www.robertgraham.com/pubs/sniffing-faq.html
> 
> Written by one of the Sniffer developers:
> 
> 	0.9 Who is Robert Graham?
> 
> 	       Among other things, between 1994-1998 I worked at Network
> 	General Corporation on the Sniffer(r) Network Analyzer.  I
> 	either wrote/rewrote/ported over 300 protocol decodes for the
> 	Sniffer.  Now I'm working on an intrusion detection system that
> 	similarly does protocol analysis.  Also, I helped develop the
> 	"Certified Network Expert" exam, which was put together by a
> 	consortium of protocol analyzer/network analyzer vendors.  In
> 	the early 1990s, I helped develop the RMON standard(s) and the
> 	first RMON systems.
> 
> It appears to have a fair bit of interesting information; it also says:
> 
> 	3.1 Where can I get a sniffing program for my computer?
> 
> 	       Windows
> 
> 	              Ethereal
> 	                    Ethereal is a UNIX-based program that also
> 			    runs on Windows (which means installation is
> 			    more difficult than you would expect and it
> 			    looks strange).  However, it is probably the
> 	                    best freeware solution available for sniffing
> 			    on Windows. 
> 
> 	                    It comes in both a read-only (protocol analyzer)
> 			    version as well as a capture (sniffing) version.
> 			    The read-only version is great for decoding
> 			    existing packet captures (such as the traces
> 			    that BlackICE generates). It avoids the
> 			    hassle of installing the packet capture driver.
> 
> 	                    ftp://ethereal.zing.org/pub/ethereal/win32/ 
> 
> 	                    Installation is a little difficult; you'll have to
> 			    hunt around on the website in order to figure
> 			    out how to do it. 
> 
> 				...
> 
> 		UNIX
> 
> 	              UNIX solutions are generally based upon libpcap
> 		      and/or BPF (Berkeley Packet Filters). 
> 
> 	              If you have a UNIX computer, then you should be
> 		      using both tcpdump and Ethereal. 
> 
> 	              tcpdump
> 	                    The oldest and most common wiretap program.
> 			    In its simplest mode, it will dump a
> 			    single-line decode of the packets to the
> 			    commandline, one line per packet. It is the
> 	                    standard for UNIX packet capture. 
> 
> 	                    The version that seems to have the best on-going
> 			    maintenance is at http://www.tcpdump.org/. 
> 
> 	                    The original version from LBL is at
> 			    ftp://ftp.ee.lbl.gov/ 
> 
> 	                    A port for Windows has been done at
> 			    http://netgroup-serv.polito.it/analyzer/ 
> 
> 	              Ethereal
> 	                    It currently looks like this is the best GUI-based
> 			    sniffing program for UNIX. It is actively
> 			    maintained. It is available at:
> 			    http://ethereal.zing.org 
>