> I really do not agree with this at all. Learning to use the sniffer.. any > sniffer, is at the basic level.. easy. Learning how to filter the rush of > data and get something meaningful out of it all is half skill and half black > magic ;) It takes a certain level of experience AND skill to put together a > decode filter by using signatures and boolean functions that is not taught > in very many places. And when you are dealing with viruses, napsterlike > clones, badly behaved apps and so on, it's not just knowning the TCP stack.. > it's knowing how that packet is contructed, why it is contructed that way, > why is it doing what it does and how is it doing what it does.
But how does this have to do with sniffer. The sniffer is my eye on the network. Understanding how a protocol works is the most important. Learning fancy filtering can help but knowing the protocol is most important. > I also personally know several engineers while good on routers and spouting > the OSI layers, TCP layers, etc.. are pretty useless on a sniffer for > extended troubleshooting. I really have to disagree. One of the funniest(saddest) claims I have ever heard is someone claiming, on a resume "knowledge of the OSI stack" where what they should have said "I know the names of the layers". Protocol understanding comes first, being able to do something with it is just a matter or training. I'd rather have a protocol expert and teach them how to use a sniffer than vice versa. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24178&t=24131 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
