Ethereal-dev: [Ethereal-dev] Another Windows-only sniffer: PacScope ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>
Date: Tue, 2 Sep 2003 12:53:08 -0700 (PDT)

Hi,

I was sniffing around the network and came across PacScope: 
www.pacscope.com. It seems to be better than Sniff-em, and has lots of 
pretty windows for defining things.

However, the trial version is limited in that I could not save anything, 
and could only capture for 10 seconds.

When looking at an SMB capture it was also quite limited. It did more than 
what Sniff-em seemed to do; however, it would not decode all of a number of 
SMB packets, like the session-setup-andX packets, and could not handle the 
security blobs at all, even though they are simply ASN.1 encoded blobs 
with NTLMSSP stuff in them. 

I imagine they would not handle DCERPC or any of the Windows RPCs.

I wonder if I have the time to put up a sniffer comparison page? I wonder 
if these commercial vendors would let me have eval versions to do so?

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com
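
The message above describes the session-setup security blobs as ASN.1-encoded data with NTLMSSP inside. The following is an added example, not part of the original message and not Ethereal's dissector code: a minimal DER walker that lists the mechanism OIDs in such a blob and reads the NTLMSSP message type and flags. The function names and the sample blob are constructed for illustration, and only single-byte tags are handled.

```python
import struct

SIG = b"NTLMSSP\x00"

def read_tlv(buf, off, end):
    """Return (tag, value_start, value_end) of the DER element at off, bounded by end."""
    if off + 2 > end:
        raise ValueError("truncated header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > end:
            raise ValueError("bad DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > end:
        raise ValueError("element overruns its container")
    return tag, off, off + length

def walk(buf, start, end, out):
    """Collect (tag, value) for every element, descending into constructed ones."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        out.append((tag, buf[vs:ve]))
        if tag & 0x20:                     # constructed bit: the value is more TLVs
            walk(buf, vs, ve, out)
        start = ve
    return out

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_security_blob(blob):
    """Return mechanism OIDs and the NTLMSSP (type, flags) found in a security blob."""
    # A blob can also be a bare NTLMSSP message with no ASN.1 wrapper around it.
    items = [(0x04, blob)] if blob.startswith(SIG) else walk(blob, 0, len(blob), [])
    oids = [decode_oid(v) for t, v in items if t == 0x06 and v]
    ntlm = [struct.unpack_from("<II", v, 8) for t, v in items
            if t == 0x04 and v.startswith(SIG) and len(v) >= 16]
    return {"oids": oids, "ntlm": ntlm[0] if ntlm else None}

# Constructed sample: SPNEGO NegTokenInit offering NTLMSSP, carrying a NEGOTIATE (type 1).
NEGOTIATE = SIG + struct.pack("<II", 1, 0x00000207) + bytes(16)
SAMPLE_BLOB = bytes.fromhex("6040 06062b0601050502 a036 3034 a00e 300c"
                            " 060a2b06010401823702020a a222 0420") + NEGOTIATE
```

Every length is checked against the enclosing element, so a truncated or malformed blob raises `ValueError` instead of reading past its container.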