["Guy Harris" <gharris@xxxxxxxxx>]

Ian Schorr said:
> He didn't mention the fact that not only
> does Ethereal decode a huge number of protocols not touched by the
> other products, but in general the quality and accuracy of the decodes
> is FAR beyond the other analyzers.

He spoke of the commercial products offering "more accurate decodes"; I'm
curious what inaccuracies he found in Ethereal's decodes.

> He didn't even mention that
> Ethereal is the only product mentioned with an actual display filtering
> system (offset filtering during post-capture analysis doesn't count).

He didn't mention Microsoft Network Monitor (perhaps because the
limited-capabilities free version comes, I think, only with the server
versions of Windows, and the full version is available only with SMS); it
also has a display filtering system similar to that of Ethereal.

He does say of EtherPeek that it has "the ability to quickly filter out
traffic you don't want to see in the display", but I don't know whether
that's just offset filtering or not (an EtherPeek for Mac manuals seems to
indicate that you might be able to filter on particular protocols, but not
on fields in a protocol).