Thanks a lot for the wonderful reply Harris.. was really useful. And ya, the final question I did not make very clear. Hardware dependencies in the sense of what kind of device drivers or network adapters (NICs) a system has. I don't really know whether the packet-capturing software has anything to do with these hardware modules. So, wanted to understand.
On Sun, Mar 4, 2012 at 2:20 AM, Guy Harris <g...@alum.mit.edu> wrote:
>
> On Mar 3, 2012, at 7:12 AM, Krishnamurthy Mayya wrote:
>
> > Just wanted to understand in what way these 2 (MS network monitor and Wireshark) differ??
>
> Well, there are several ways in which they differ. Some of them are:
>
> 1) Wireshark is released under the GNU Public License; its source code is available to all, and if anybody makes a modified version of Wireshark available, they must make it available in source form to everybody to whom they make it available in binary form (see the GPL, Version 2:
>
> http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
>
> and the FAQ about it:
>
> http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html
>
> for a more detailed and perhaps more correct explanation). It is available at no cost.
>
> Microsoft Network Monitor (henceforth referred to as "NetMon") is available at no cost, but its source code is not available.
>
> 2) Wireshark dissects packets by directly executing code, written in C, Lua (for versions of Wireshark built with Lua) or, I think, Python (for versions of Wireshark built with the Python interpreter); a third-party plugin:
>
> http://wsgd.free.fr/
>
> allows packet formats to be described in a packet description language. Tools exist to transform some packet description languages (ASN.1, Samba's PIDL interface description language for DCERPC/MSRPC, CORBA IDL) into C code.
>
> NetMon dissects packets by using packet descriptions written in NetMon's own packet description language.
>
> 3) Wireshark runs on Windows and a number of UN*Xes (Linux distributions, *BSD, Mac OS X, Solaris, HP-UX, AIX, etc.).
>
> NetMon runs only on Windows (it might be able to run, without support for packet capture, on x86 UN*Xes under Wine).
>
> 4) Wireshark can read capture files in a number of formats, including both pcap and pcap-NG format, as well as various formats from other packet analyzers, including NetMon format.
>
> NetMon can read both its native format and pcap format; it supports some features of its native format that Wireshark does not (including, at present, frame comments).
>
> > I just noticed that wireshark uses winPcap whereas the other uses NDIS.
>
> Actually, they both use NDIS. As far as I know, Microsoft don't provide any way of directly accessing NDIS drivers from userland, so WinPcap includes
>
> 1) a driver that connects to NDIS and provides I/O operations that can be accessed from userland;
>
> 2) a low-level userland library that accesses that driver (packet.dll);
>
> 3) a version of libpcap that uses that low-level userland library (wpcap.dll).
>
> I don't know how NetMon plugs into NDIS; I suspect it installs its own driver with its own userland code that accesses it.
>
> > Any more thoughts on this??
>
> NetMon, on Windows Vista and later, plugs into NDIS 6, which means it can support capturing in monitor mode. I don't know whether WinPcap's driver could plug into NDIS 6; if it did, it could also support monitor mode (using the already-existing libpcap APIs for that, which Wireshark 1.6 and later use if available, so the existing tcpdump/WinDump, dumpcap, TShark, and Wireshark UI would also work).
>
> NetMon might also plug into NDIS in a different fashion from the WinPcap driver, which might allow it to capture on PPP devices such as mobile phone modems and VPN connections. However, there might also be NetMon-specific hooks in the Windows networking stack, so that *only* NetMon can plug into NDIS in that fashion; I seem to remember a discussion with the WinPcap developers in which they'd discovered that Windows was looking for a driver with a particular name (I think the name included "bh" for "Bloodhound", which I think was the internal code name/project name for NetMon).
>
> > Is there any other hardware kind of dependencies present??
>
> Hardware dependencies of what sort?
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
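The quoted reply notes that Wireshark reads both classic pcap and pcap-NG files. As an added example that is not code from this thread, from Wireshark, or from WinPcap, here is a small Python reader that tells the two formats apart by their magic numbers (including the byte-order and nanosecond variants of classic pcap) and then walks the records of a classic pcap file with the length checks one wants before trusting a capture of unknown origin: a record whose saved length exceeds the snaplen or the on-wire length, or that runs past the end of the file, is reported instead of silently mis-parsed. The sample files are constructed inline; the `build_sample_pcap`, `build_sample_pcapng` and `check_pcap` names are my own.

```python
import struct

# Magic numbers of classic pcap files, keyed by the first four bytes.
# Value: (format, struct byte-order prefix, timestamp resolution).
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": ("pcap", ">", "us"),  # big-endian, microseconds
    b"\xd4\xc3\xb2\xa1": ("pcap", "<", "us"),  # little-endian, microseconds
    b"\xa1\xb2\x3c\x4d": ("pcap", ">", "ns"),  # big-endian, nanoseconds
    b"\x4d\x3c\xb2\xa1": ("pcap", "<", "ns"),  # little-endian, nanoseconds
}
# pcap-NG files start with a Section Header Block; its type value reads the
# same in either byte order, so the byte-order magic at offset 8 decides.
PCAPNG_SHB_TYPE = b"\x0a\x0d\x0d\x0a"
PCAP_GLOBAL_HEADER = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_HEADER = "IIII"      # ts_sec, ts_frac, incl_len, orig_len


def identify(data):
    """Return (format, byte-order prefix, resolution) or None if unrecognised."""
    if len(data) < 4:
        return None
    if data[:4] == PCAPNG_SHB_TYPE:
        if len(data) < 12:
            return None
        bom = data[8:12]
        if bom == b"\x1a\x2b\x3c\x4d":
            return ("pcapng", ">", None)
        if bom == b"\x4d\x3c\x2b\x1a":
            return ("pcapng", "<", None)
        return None
    return PCAP_MAGICS.get(data[:4])


def parse_pcap(data):
    """Parse a classic pcap file, validating every record length against the file."""
    kind = identify(data)
    if kind is None or kind[0] != "pcap":
        raise ValueError("not a classic pcap file")
    _, endian, resolution = kind
    if len(data) < 24:
        raise ValueError("truncated global header")
    _magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + PCAP_GLOBAL_HEADER, data[:24])
    records = []
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + PCAP_RECORD_HEADER, data[offset:offset + 16])
        # A saved length above the snaplen or the on-wire length is malformed.
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(f"bad record length {incl_len} at offset {offset}")
        start, end = offset + 16, offset + 16 + incl_len
        if end > len(data):
            raise ValueError(f"record at offset {offset} runs past end of file")
        records.append({"ts_sec": ts_sec, "ts_frac": ts_frac, "caplen": incl_len,
                        "wirelen": orig_len, "data": data[start:end]})
        offset = end
    return {"linktype": linktype, "snaplen": snaplen,
            "resolution": resolution, "records": records}


def check_pcap(data):
    """None if the file parses cleanly, otherwise the error message."""
    try:
        parse_pcap(data)
        return None
    except ValueError as exc:
        return str(exc)


def build_sample_pcap():
    """Constructed little-endian pcap: Ethernet linktype, two dummy frames."""
    hdr = struct.pack("<" + PCAP_GLOBAL_HEADER, 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frame1 = bytes(range(60))          # constructed 60-byte frame
    frame2 = b"\xff" * 20              # constructed 20-byte frame
    rec1 = struct.pack("<" + PCAP_RECORD_HEADER, 1330818000, 123456, 60, 60) + frame1
    rec2 = struct.pack("<" + PCAP_RECORD_HEADER, 1330818001, 7, 20, 20) + frame2
    return hdr + rec1 + rec2


def build_sample_pcapng():
    """Constructed minimal little-endian pcap-NG Section Header Block (no options)."""
    return struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)


if __name__ == "__main__":
    print(identify(build_sample_pcap()), identify(build_sample_pcapng()))
    print(check_pcap(build_sample_pcap()), check_pcap(build_sample_pcap()[:-10]))
```

The reader deliberately stops at the first inconsistency rather than resynchronising, because a capture whose record headers disagree with the file size is exactly the input that a dissector should not guess its way through.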