Ethereal-dev: Re: [Ethereal-dev] Checking out Sniffer ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Tue, 5 Mar 2002 21:29:51 +1100
Well,
in my own completely made up classification i would classify sniffer and to
some extent also netmon
more as being "network monitoring tools" providing you with lots of features
like traffic graphing and such
but (i belive) severly lacking in other areas.

in my personal experience the most important important feature for myself
regarding ethereal is the
display filter feature, something which makes ethereal in my experience the
only tool i have tried that
makes it possible to even start looking at say >100.000 packet captures to
search for interoperability
problems/protocol implementation bugs.
the expressive syntax on how to use display filters in ethereal is why i
would classify it as a protocol analyzer instead of a network monitoring
tool.

any features similar in ease of use and usefulness to the display filters
are features that have eluded me completely
in sessions using other tools.
i hope this is because i couldnt find how to use those features in those
tools, and not that they are missing.

feel free to disagree.
    ronnie sahlberg


----- Original Message -----
From: "Guy Harris"
Sent: Tuesday, March 05, 2002 9:16 PM
Subject: Re: [Ethereal-dev] Checking out Sniffer ...


> On Tue, Mar 05, 2002 at 09:13:15PM +1100, Ronnie Sahlberg wrote:
> > sniffer is not a packet/protocol analyzer. ethereal is.
>
> Eh?  How is the Sniffer software not a protocol analyzer?