On Tue, 14 Sep 2004 22:37:23 -0400, jab3 wrote:
> Ian Northeast finally wrote on Tue September 14 2004 04:54 pm:
>
>> On Tue, 14 Sep 2004 16:22:44 -0400, jab3 wrote:
>>
>>
>>> P.S. (Ian) - I'm learning, but I'm certainly no Shimomura at reading
>>> tcpdumps.
>>
>> When you have to, you will find ethereal very useful. It can either take
>> the trace itself or use the output of tcpdump -w; either way, it will
>> interpret them for you.
>>
>> Regards, Ian
>
> You know, I actually have used Ethereal a couple of times. Felt like I
> was taking the easy way out (which is why I didn't mention it in earshot
> of the experts) - so I'm glad to see that you at least condone such
> tools for learning. (and then perhaps for ease of use once familiar with
> the packet headers, etc, through tcpdump) Of course, if you can read
> tcpdumps, I imagine you can use it on virtually any *nix system, which is
> a good thing.
I always use ethereal if I need to examine the packets in detail, as
opposed to just checking source and destination IPs and ports etc. It's
much easier. There's nothing "correct" IMO about using old fashioned
cruder tools, you use the most effective tool for the job in hand. E.g. if
you just want to see how much traffic is being exchanged with something
tcpdump is often simplest, if you want to dissect packets bit by bit or
get an easy to understand picture of whole conversations ethereal is the
business. I don't know the detailed structure of an IP or TCP header. I
don't need to, ethereal does. Of course, I do know where to look it up
("UNIX Network Programming" by the late W.R.Stevens).
You can use ethereal on virtually any *nix system too. Even if it's not
included in the base OS, it's often available on a "bonus" or some such
CD, and can be compiled if it's not. The only exception I have found is on
IBM's AIX, where, while ethereal is provided on one of their additional
CDs, using it in packet capture mode can crash the server. So it's safest
not to have it installed. On AIX I tcpdump to a file, ship the file to a
Linux machine and load it into ethereal. You could do the same on any
system (if any such exists) which has tcpdump but cannot for some reason
run ethereal. An IP packet is an IP packet, it makes no difference what
system it was captured on.
Regards, Ian
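The "tcpdump to a file, ship it, dissect it elsewhere" workflow above, as an added example that is not part of this thread: a small Python reader for the classic pcap format that `tcpdump -w` writes. It accepts either byte-order magic (so a file captured on a big-endian host and a little-endian host parse the same way) and decodes the Ethernet/IPv4/TCP fields by hand. The sample capture is constructed inline, and only Ethernet link-layer captures are handled; those are this example's assumptions, not anything from the thread.

```python
import struct

def parse_pcap(data: bytes) -> list[dict]:
    """Walk a classic pcap file (what `tcpdump -w` writes) and return one record per packet."""
    # The magic number reveals the byte order of the host that captured it; a file
    # written on a big-endian box (e.g. AIX on POWER) stores it as a1 b2 c3 d4.
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != 1:  # DLT_EN10MB: only Ethernet frames are dissected here
        raise ValueError(f"unsupported link type {linktype}")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        records.append({"ts": ts_sec + ts_usec / 1e6, **dissect_frame(frame)})
    return records

def dissect_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP; on-the-wire fields are always big-endian ('!')."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return {"proto": "non-ipv4"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes (IHL field)
    rec = {"proto": ip[9], "src": ".".join(map(str, ip[12:16])),
           "dst": ".".join(map(str, ip[16:20]))}
    if rec["proto"] == 6 and len(ip) >= ihl + 14:  # TCP, and enough bytes for the flags
        tcp = ip[ihl:]
        rec["sport"], rec["dport"] = struct.unpack("!HH", tcp[:4])
        rec["flags"] = "".join(n for n, bit in (("F", 1), ("S", 2), ("R", 4), ("A", 16)) if tcp[13] & bit)
    return rec

def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed sample: one Ethernet/IPv4/TCP SYN 10.0.0.5:40000 -> 192.0.2.10:22."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, ethertype IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))  # checksum left 0
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 65535, 0, 0)
    frame = eth + ip + tcp
    ghdr = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    phdr = struct.pack(endian + "IIII", 1095200243, 0, len(frame), len(frame))
    return ghdr + phdr + frame
```

Feeding a real `tcpdump -w` file is just `parse_pcap(open(path, "rb").read())`; the same code reads a capture taken on either byte order because the global header's magic selects the unpack format.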