Re: Sniffers [7:31296]

2002-01-08 Thread Steven A. Ridder

I have experience with all sorts of ones, from Distributed Sniffer Pro 4.5
down to the free ones like ethereal and eEye's one.  I like ethereal the
best because it's so lightweight (Sniffer is so taxing on PCs) and can
read any product's cap files.  It does everything you need.  The only
problem I have is that it doesn't recognize some packets like the LOOP
packet on Cisco's ethernet ports.

Sniffers DSS can be useful to grab stuff off of remote networks and they
sell sniffer PC's with gig fiber cards in them to sniff backbone traffic if
needed.  Sniffer also has an expert mode that can be helpful with problems.

--
RFC 1149 Compliant.


FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Sniffers [7:31296]

2002-01-08 Thread McMasters, Eric

I've always used the Dolch products.  I believe the one that I've used was a
Dolch 64.  You can get a variety of network cards for it from 10/100, Token
Ring, FDDI, and ATM.  Of course the prices will vary depending on the cards,
memory, etc, but they usually run around 10-15K.  Not cheap, but it comes in
a hardened case which packs up nicely for easy transportation.  You can see
their entire line at www.dolch.com.

Of course if you are looking for something a little bit more inexpensive you
could always get a copy of Etherpeek and load it on a PC.  I've been using
it of late and it works really well.  You can take a look at it at
www.wildpackets.com.  You can also download a 30 day evaluation copy just to
check out.

Hope this helps! 

Eric 



-Original Message-
From: Lupi, Guy
To: [EMAIL PROTECTED]
Sent: 1/8/2002 10:53 AM
Subject: OT: Sniffers [7:31296]

I was wondering if anyone had experience with sniffers, not free ones like
tcpdump and tethereal, but appliances that are made for that purpose.
Anyone have any suggestions and approximate prices?  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31299t=31296



RE: Sniffers [7:31296]

2002-01-08 Thread Rodrigues, Mario

What are the free sniffers that you suggest to use ?

Regards,

Mario Rodrigues

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Sniffers [7:31296]


I have experience with all sorts of ones, from Distributed Sniffer Pro 4.5
down to the free ones like ethereal and eEye's one.  I like ethereal the
best because it's so lightweight (Sniffer is so taxing on PCs) and can
read any product's cap files.  It does everything you need.  The only
problem I have is that it doesn't recognize some packets like the LOOP
packet on Cisco's ethernet ports.

Sniffers DSS can be useful to grab stuff off of remote networks and they
sell sniffer PC's with gig fiber cards in them to sniff backbone traffic if
needed.  Sniffer also has an expert mode that can be helpful with problems.

--
RFC 1149 Compliant.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31301t=31296



Re: Sniffers [7:31296]

2002-01-08 Thread Steven A. Ridder

Ethereal.  It's been ported from Linux to Win32.  It's lightweight.  But
it's not perfect and can crash.

www.ethereal.com

If you use Windows 2000 or XP, just be sure to install the winpcap driver 2.3
beta.  Otherwise 2.2 should work.

http://netgroup-serv.polito.it/winpcap/

--
RFC 1149 Compliant.





RE: Sniffers [7:31296]

2002-01-08 Thread William Gragido

Ethereal

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Rodrigues, Mario
Sent: Tuesday, January 08, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: RE: Sniffers [7:31296]


What are the free sniffers that you suggest to use ?

Regards,

Mario Rodrigues

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Sniffers [7:31296]


I have experience with all sorts of ones, from Distributed Sniffer Pro 4.5
down to the free ones like ethereal and eEye's one.  I like ethereal the
best because it's so lightweight (Sniffer is so taxing on PCs) and can
read any product's cap files.  It does everything you need.  The only
problem I have is that it doesn't recognize some packets like the LOOP
packet on Cisco's ethernet ports.

Sniffers DSS can be useful to grab stuff off of remote networks and they
sell sniffer PC's with gig fiber cards in them to sniff backbone traffic if
needed.  Sniffer also has an expert mode that can be helpful with problems.

--
RFC 1149 Compliant.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31306t=31296



Re: Sniffers [7:31296]

2002-01-08 Thread dre

Ethereal on Win32 is a great after-the-fact debugging/analysis tool.
Probably the best.  My favorite part is not only does it open pcap
files, but also GZIPPED pcap files.  It supports a TON of protocols.
http://www.ethereal.com/

However, as for actual packet capture and backend statistics and
organization, I think tcpdump (and associated tools) on *BSD with
full BPF is light years ahead of anything else.  It's the only code out
there given significant attention by the internet community for years.
Yes, sorry, it's not a GUI by itself, but if you know what you are
doing, you can extend tcpdump to all your packet capture needs
with the help of maybe a few other tools out there.  One only needs
to do a search for tcpdump or pcap on sourceforge or freshmeat or
google or some other search engine.  tcpdump uses the Berkeley
Packet Filter (BPF) and libpcap.  http://www.tcpdump.org/

I have noticed one company that has a most interesting offering,
Niksun, http://www.niksun.com/, has a product called NetVCR
which seems more capable than just a web-based SnifferPro-like tool.
The collection and distributed features of the product seem very
useful, it's more of a monitoring/statistics tool that scales to almost
any traffic/bandwidth equation.  This stuff may cost a lot, but it's
definitely light years ahead of Distributed SnifferPro or any other
commercial packet capture tool.

Speaking of scaling to almost any amount of traffic, our next-generation
sniffers are probably going to have to be driven by hardware.  One
current possibility for this is Foundry's JetCore ASIC in their switch
products.  Foundry is building XRMON and sFlow (http://www.inmon.com/)
software into this chip.  This means you can do packet capture at
multiple Gbps and get the details of every frame across the wire.  Now
you just have to write it to disk...

-dre

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...
> Ethereal.  It's been ported from Linux to Win32.  It's lightweight.  But
> it's not perfect and can crash.
>
> www.ethereal.com
>
> If you use Windows 2000 or XP, just be sure to install the winpcap driver
> 2.3 beta.  Otherwise 2.2 should work.
>
> http://netgroup-serv.polito.it/winpcap/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31333t=31296
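
Added example, not part of dre's post or of any project's code: a minimal Python reader for the classic libpcap capture file format that also accepts gzip-compressed captures, the feature mentioned above for Ethereal. The function names are hypothetical and the sample capture is constructed.

```python
import gzip
import struct

GZIP_MAGIC = b"\x1f\x8b"
# Classic libpcap file magic as written by a little- or big-endian host.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def read_pcap(data: bytes):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, frame_bytes), ...])."""
    if data[:2] == GZIP_MAGIC:  # compressed capture: inflate first
        data = gzip.decompress(data)
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if len(data) < 24:
        raise ValueError("truncated global header")
    # Fields: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    fields = struct.unpack(endian + "IHHiIII", data[:24])
    snaplen, linktype = fields[5], fields[6]
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(
            endian + "IIII", data, off)
        off += 16
        # Reject lengths that point past the file or the declared snaplen.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        packets.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def build_sample() -> bytes:
    """Constructed one-packet capture (linktype 1, Ethernet); not real traffic."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1010505600, 0, len(frame), len(frame))
    return hdr + rec + frame


if __name__ == "__main__":
    raw = build_sample()
    for blob in (raw, gzip.compress(raw)):
        linktype, pkts = read_pcap(blob)
        print(linktype, [(p[0], p[2], len(p[3])) for p in pkts])
```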