Ethereal-users: Re: [ethereal-users] Evaluation of a LAN-Sniffer
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Thu, 23 Dec 1999 02:03:00 -0800
> I'm looking for a LAN analyser for our daily work here in Ascom. I
> checked also such tools on pc side, e. g. shomiti and NetXRay.

...both of which are Windows applications. Note that, whilst versions of Ethereal have been built to run on Windows in the past, the current version doesn't build as a Windows application if you use tools such as Visual C++, although there is somebody who has been working on making it build as a Windows application using Cygnus' tools, and we will probably try getting it to build as a Windows application with Visual C++ as well.

Thus, unless somebody has a version that could be built for Windows, or a binary built for Windows, you'd have to run an operating system such as a Linux distribution, or one of the BSDs, or Solaris x86, in order to run Ethereal on a PC. (I don't know if anybody's gotten it to run on, say, SCO UNIX or Unixware.)

> What are the hardware requirements for a pc to use ethereal? What speed
> should the clock have if I want to analyse a 100M Ethernet?

I have a fairly powerful PC at home, and my only network is a 10Mb Ethernet to an ADSL modem with relatively low levels of traffic, so I can't answer your question from personal experience. Perhaps somebody else on the list can answer that....

> And how big should my memory be, 32MB, 64MB or 128MB?

Again, I can't answer that myself; however, Ethereal does *not* require that the entire capture be buffered in memory - it writes the capture to a file as it's captured - so more memory would help primarily by reducing the amount of paging (leaving more memory bandwidth for the CPU, for network traffic, and for writing the capture data to disk - unless the capture was to a temporary file on an "in-memory" or "in-virtual-memory" file system, in which case that I/O is, in effect, paging, and if the capture fit entirely in memory, it wouldn't necessarily be paged to disk).

> What kind of PPP is supported?

The support for PPP primarily depends on the support the OS provides for capturing PPP data in an application; in this case, I think Linux's support may be more limited than the support that the BSDs offer, as the Linux mechanism for capturing in an application data going to and from a network only lets you see IP traffic going to and from the network, not any PPP control protocols, while I *think* the BSDs will let you capture control protocols such as LCP.

> Is PPP(PAP) also supported?

Unfortunately, we don't yet have a dissector for PAP; we have dissectors for:

  IPv4
  IPv6
  Appletalk
  IPX
  Banyan Vines
  Multilink PPP
  LCP (or, at least, many of the LCP options)
  IPCP (or, at least, many of the IPCP options)

but not any other protocols running atop PPP.

> Where can I get an overview for all supported protocols?

Well, here's a list generated from the list of protocols for which we have dissectors (generated, for those who are curious, by

  ethereal -G | more | egrep '^P'

on the current version from the CVS tree - this means that not all these protocols are supported in the current 0.7.9 version, although an 0.8.0 version will probably be coming out soon that will support all of them); we don't necessarily dissect *all* of the stuff supported by the protocols in question, however:

  Appletalk Address Resolution Protocol
  Andrew File System (AFS)
  Address Resolution Protocol
  Appletalk Datagram Delivery Protocol
  Appletalk Name Binding Protocol
  Appletalk Routing Table (RTMP)
  ATM (but we don't support live capture, just reading captures from some other programs)
  ILMI
  ATM LANE
  Border Gateway Protocol
  Bootstrap Protocol (and DHCP)
  (ONC RPC) Boot Parameters
  Spanning Tree Protocol
  Cisco Discovery Protocol
  Domain Name Service
  Ethernet
  Fiber Distributed Data Interface
  File Transfer Protocol
  General Inter-ORB Protocol
  Generic Routing Encapsulation
  Hypertext Transfer Protocol
  Internet Control Message Protocol v6
  Internet Cache protocol
  ICQ Protocol
  Internet Message Access Protocol
  Internet Group Management Protocol
  Internet Protocol
  Internet Control Message Protocol
  Enhanced Interior Gateway Routing Protocol
  Internet Printing Protocol
  Authentication Header
  Encapsulated Security Payload
  IP Payload Compression
  Internet Protocol Version 6
  Internetwork Packet eXchange
  Sequenced Packet eXchange
  IPX Routing Information Protocol
  IPX Message
  Service Advertisement Protocol
  Internet Relay Chat
  Internet Security Association and Key Management Protocol
  (OSI) CLNP
  ISIS
  ISIS hello
  ISIS lsp
  ISIS csnp
  ISIS psnp
  Link Access Procedure Balanced (LAPB) (but I don't know that we support live capture on X.25)
  Link Access Procedure, Channel D (LAPD) (but I don't know that we support live capture on ISDN)
  Lightweight Directory Access Protocol
  Logical-Link Control
  Line Printer Daemon Protocol
  MAPI
  (ONC RPC) Mount Service
  NetBIOS over IPX
  NetBIOS Name Service
  NetBIOS Datagram Service
  NetBIOS Session Service
  NetWare Core Protocol
  Network File System
  Network Lock Manager Protocol
  Network News Transfer Protocol
  Network Time Protocol
  Open Shortest Path First
  Protocol Independent Multicast
  Post Office Protocol
  (ONC RPC) Portmap
  Point-to-Point Protocol
  PPP Multilink Protocol
  Q.2931
  Q.931
  Radius Protocol
  Routing Information Protocol
  RIPng
  (ONC) Remote Procedure Call
  Resource ReserVation Protocol (RSVP)
  Real Time Streaming Protocol
  (AFS) RX Protocol
  Session Description Protocol
  Server Message Block Protocol
  Microsoft Windows Browser Protocol (atop SMB)
  Microsoft Windows LanMan Protocol (atop SMB)
  Systems Network Architecture (only atop 802.2 LLC)
  Simple Network Management Protocol
  Service Location Protocol
  SSCOP (for Q.2931)
  (ONC RPC) Status Service
  TACACS
  Transmission Control Protocol
  Telnet
  Trivial File Transfer Protocol
  Token-Ring
  Token-Ring Media Access Control
  User Datagram Protocol
  Async data over ISDN (V.120)
  802.1q Virtual LAN
  Web Cache Coordination Protocol
  (Berkeley) Who
  X.25
  Extended X.25 (modulo 128)
  Yahoo Messenger Protocol
  Yellow Pages Bind
  Yellow Pages Service
  Yellow Pages Transfer
  Cisco Auto-RP
  Cisco Hot Standby Router Protocol
  NetBIOS
  ISO CLNP
  ISO COTP
  Session Announcement Protocol
  Transparent Network Substrate Protocol
  Virtual Router Redundancy Protocol

The only link-layers I *know* we can capture are Ethernet, FDDI, and Token-Ring; there may be others, although that may depend on the OS on which you're running Ethereal.

Various of the Ethereal developers can probably give you a more detailed description of what we can decode in various of those protocols.

> Thanks in advance. I wish you merry x'mas and a happy new year and no
> Millennium bugs....;-)

And a Merry Christmas and Happy New Year/Century/Millennium(?) to you as well; I don't know of any millennium bugs in Ethereal, although I'm going to go check that when we call the UNIX "localtime()" or "gmtime()" routines to convert year/month/day/hour/minute/second to an internal time value, we pass the year as 1998, 1999, 2000, 2001, etc. rather than 98, 99, 100, etc. - doing the latter means 2000 won't be recognized as a leap year....

Sorry I couldn't answer your questions about the hardware requirements; perhaps somebody else on the list can give you a better answer.
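The leap-year point at the end of the message, shown as an added example (not code from the message or from Ethereal): the C library's struct tm stores years as an offset from 1900, so a two-digit "00" handed straight to tm_year lands on 1900, which is not a leap year, and mktime() quietly rolls Feb 29 forward to Mar 1. The helper names tm_year_from_two_digit, tm_year_from_full and feb29_survives are assumed here for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical naive handling: the two-digit year is stored directly
 * in tm_year, so "00" becomes tm_year = 0, which the C library reads
 * as 1900 (tm_year counts years since 1900). */
static int tm_year_from_two_digit(int yy) { return yy; }

/* Correct handling: a full four-digit year converted to the struct tm
 * convention, so 2000 becomes tm_year = 100. */
static int tm_year_from_full(int year) { return year - 1900; }

/* Build Feb 29 of the given tm_year, let mktime() normalize it, and
 * report whether the date survived.  In a non-leap year the library
 * rolls the date forward to Mar 1.  Returns 1 if Feb 29 stayed Feb 29,
 * 0 if it was normalized away, -1 if mktime() could not represent the
 * date at all (e.g. a 32-bit time_t that cannot reach 1900). */
static int feb29_survives(int tm_year)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = tm_year;
    t.tm_mon = 1;      /* February (months are 0-based) */
    t.tm_mday = 29;
    t.tm_hour = 12;    /* noon, so a DST shift cannot move the day */
    t.tm_isdst = -1;   /* let the library decide DST */
    if (mktime(&t) == (time_t)-1)
        return -1;
    return (t.tm_mon == 1 && t.tm_mday == 29) ? 1 : 0;
}

int main(void)
{
    /* 2000 is a leap year (divisible by 400); 1900 is not. */
    printf("2000 via full year : Feb 29 %s\n",
           feb29_survives(tm_year_from_full(2000)) == 1 ? "kept" : "lost");
    printf("2000 via two digits: Feb 29 %s\n",
           feb29_survives(tm_year_from_two_digit(0)) == 1 ? "kept" : "lost");
    printf("1999 via full year : Feb 29 %s\n",
           feb29_survives(tm_year_from_full(1999)) == 1 ? "kept" : "lost");
    return 0;
}
```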
- References:
- [ethereal-users] Evaluation of a LAN-Sniffer
- From: Christoph Burger