On Sep 22, 2003, at 12:11 AM, Richard Sharpe wrote:
I noticed that Etherpeek is claiming it has support for:
CIFS, SMB, MSRPC, MSRAP, WINS, MSN Messenger
They also have some really exciting features, not found in many other
packet analyzers, that convinced Mentor Graphics to use it - the report
at
http://www.wildpackets.com/elements/casestudies/mentorgraphics.pdf
says:
In its efforts to create increasingly advanced and reliable electronic
products for
the market, Mentor Graphics required a sophisticated solution to speed
and ease
both development and troubleshooting processes. To assist with numerous
projects to develop new protocols and debug Nucleus NET stack and
Ethernet
drivers, Mentor Graphics turned to a well-known standard packet
sniffer.
Mentor Graphics' engineers found that the packet sniffer they had
chosen,
however, lacked support for IPv6 decodes - a key protocol in their
development
work. In searching for an alternative, they came to realize that most
packet
sniffers do not provide this essential decoding support. EtherPeek was
the only
affordable analyzer option that could deliver the capability required.
"Most sniffer packages do not decode IPv6 packets, while EtherPeek
does, so it
has become a crucial tool in our development of IPv6."
-Tammy Leino, Software Development Engineer
and
EtherPeek interprets the protocol layers of a captured frame and
exposes the core
information. By monitoring, filtering, decoding and displaying packet
data,
EtherPeek easily pinpoints protocol errors and detects network
problems such as
unauthorized, or misconfigured nodes and unreachable devices.
"The ability to capture packets and view the decoded protocol headers
is the
most useful feature of EtherPeek to our company. We are able to easily
view
source/destination MAC/IP addresses, the summary field shows the SEQ
and
ACK numbers for TCP sessions, we can filter on a specific address or
protocol to
capture only the packets we want, and all of the information is
decoded in a
reader friendly format. EtherPeek has been very helpful in finding
problems with
TCP thanks to its Summary and Absolute Time reporting!"
I wonder what "well-known standard packet sniffer" that was - whatever
it is, it's setting the bar pretty low, if it can't handle IPv6 and if
it doesn't display decoded protocol headers.... (They said EtherPeek
was the only "affordable" analyzer option that could deliver the
capability required, so perhaps NAI's Sniffer does the job but costs
too much - I have the impression it's a *LOT* more expensive than, say,
EtherPeek.)