My $0.02 here.

My group of 6 basically does only protocol analysis and troubleshooting
for a major ISP. We are constantly looking for new and better
products. So far, Ethereal wins hands down.

For post-capture analysis, nothing right now beats Ethereal / Tethereal
for ease of use, completeness of decodes and flexibility. The filters
are intuitive and the TCP analysis is getting better and better.
Getting something fixed or a feature request done is amazingly fast,
depending on the request.

The only "problem" area is the capture of frames at high data rates.
For this we use ASIC-based analyzers and then open the trace files with
Ethereal.

My favorite vendor test is to open a 9 gig trace file on FreeBSD with
Ethereal. This trace has over 1.2 m sessions in it. I then offer the
trace file to the vendor to try and open. So far, only Ethereal can do
it.

Thank you all very much for a fantastic project.

Kevin Mason

On Sunday, April 13, 2003, at 06:18 PM, Guy Harris wrote:

On Sun, Apr 13, 2003 at 03:12:32PM +1000, Ronnie Sahlberg wrote:

I have been told that some packet analyzers out there are so
primitive that they cannot even reassemble DCERPC over TCP. Is that
true? :-)

I'm curious whether there are *any* analyzers that can reassemble all
the things Ethereal can reassemble.

I think there are some things that other analyzers handle that we don't
yet handle - I think I saw Sniffer Pro reassemble the pieces of an OSI
COTP packet, for example.

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev