Ethereal-dev: Re: [Ethereal-dev] Another Windows-only sniffer: PacScope ...
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Wed, 3 Sep 2003 08:17:34 +1000
> I wonder if I have the time to put up a sniffer comparison page? I wonder
> if these commercial vendors would let me have eval versions to do so?

Such a comparison would be very useful.

Some items useful for comparison:

PDU reassembly:
Can it reassemble AIM PDUs spanning multiple TCP
Can it reassemble ATP PDUs spanning multiple TCP
Can it reassemble BGP PDUs spanning multiple TCP
Can it reassemble CLNP PDUs
Can it reassemble COPS PDUs spanning multiple TCP
Can it reassemble DCERPC PDUs spanning multiple TCP
Can it reassemble DCERPC Fragments into full DCERPC PDUs
Can it reassemble DCERPC PDUs spanning multiple SMB named pipe Trans/Read/Write calls
Can it reassemble DIAMETER PDUs spanning multiple TCP
Can it reassemble DNS PDUs spanning multiple TCP
Can it reassemble DSI PDUs spanning multiple TCP
Can it reassemble multi-sequence FibreChannel PDUs
Can it reassemble FCIP PDUs spanning multiple TCP
Can it reassemble GRYPHON PDUs spanning multiple TCP
Can it reassemble 802.11 PDU fragments
Can it reassemble IPv4 PDU fragments
Can it reassemble IPv6 PDU fragments
Can it reassemble iSCSI PDUs spanning multiple TCP
Can it reassemble KERBEROS5 PDUs spanning multiple TCP
Can it reassemble LDAP PDUs spanning multiple TCP
Can it reassemble LDP PDUs spanning multiple TCP
Can it reassemble MySQL PDUs spanning multiple TCP
Can it reassemble NBSS (NetBIOS over TCP) PDUs spanning multiple TCP
Can it reassemble NCP PDUs spanning multiple TCP
Can it reassemble NDMP PDUs spanning multiple TCP
Can it reassemble NDMP fragments into NDMP PDUs
Can it reassemble NDPS PDUs spanning multiple TCP
Can it reassemble NDPS PDUs spanning multiple SPX
Can it reassemble NetBIOS PDUs
Can it reassemble Q.931 PDUs spanning multiple TCP
Can it reassemble ONC-RPC PDUs spanning multiple TCP
Can it reassemble ONC-RPC Fragments into a full ONC-RPC PDU
Can it reassemble RSYNC PDUs spanning multiple TCP
Can it reassemble SKINNY PDUs spanning multiple TCP
Can it reassemble SMB Transaction Payloads
Can it reassemble SMTP PDUs spanning multiple TCP
Can it reassemble fragmented SNA BIUs
Can it reassemble SSH PDUs spanning multiple TCP
Can it reassemble SSL PDUs spanning multiple TCP
Can it reassemble TDS PDUs spanning multiple TCP
Can it reassemble TNS PDUs spanning multiple TCP
Can it reassemble TPKT PDUs spanning multiple TCP
Can it reassemble X.25 PDUs
Can it reassemble X11 PDUs spanning multiple TCP
Can it reassemble X.25 Over TCP PDUs spanning multiple TCP

Then we can move on to more interesting protocols:
Can it dissect DCERPC/LSA
Can it dissect DCERPC/SAMR
Can it dissect DCERPC/NETLOGON
... fill in with all the other dce interfaces we support
Can it dissect NFSv4
... fill in with all the other oncrpc interfaces we support
Can it dissect AFS
Can it dissect NDMP
Can it dissect iSCSI
Can it dissect iSNS
Can it dissect h.323
Can it dissect h.225
Can it dissect h.245
Can it dissect FibreChannel
Can it dissect FibreChannel Name Server
... add all the other fc related protocols
Can it dissect SMB properly
Can it dissect SCSI-CDB
... add all the other interesting protocols no one else can handle

Then we can check:
Can it create ONC-RPC Service Response Time tables
Can it filter for ONC-RPC Service Response times?
Can it flag/colorize ONC-RPC Service Response in different colors depending on the response time?
Can it create DCE-RPC Service Response Time tables
Can it filter for DCE-RPC Service Response times?
Can it flag/colorize DCE-RPC Service Response in different colors depending on the response time?
Can it create SMB Service Response Time tables
Can it filter for SMB Service Response times?
Can it flag/colorize SMB Service Response in different colors depending on the response time?
... add all the other response times we can calculate

Then we can check filtering:
Does packet filtering work? I.e. if you filter for NFS, will this pick up all packets that contain an NFS PDU, or will it only find an undocumented subset of these packets?
...

Then we can check all the things in TCP Sequence Number Analysis:
Can it find and flag a TCP keep-alive
Can it find and flag when someone writes to a zero-window?
...

Then we can check authentication protocols:
Can it dissect NTLMSSP authentication blobs
Can it dissect the authentication blobs for windows authentication
...
Can it decode and display the encrypted payload of SAMR packets?
...

We need a comparison table showing what ethereal can do. Things that are useful.