Re: Sniffer Opinions?

[Robert Graham <robert_david_graham () yahoo com>]

--- "Ames, Neil" <NAmes () anteon com> wrote:
> Sniffer gurus,
>       I am about to buy a protocol analyzer.  I was very impressed with a
> brief eval of eEye's "Iris" scanner.  Anyone have in-depth experience with
> it with a strong opinion?  I barely got a chance to evaluate it and am still
> amazed by how much easier it is to use than some other products.  It seems
> infinitely more intuituve and polished than Sniffer Pro 4.5 and Ethereal.
> Anyone worked on the WildPackets Etherpeek or NX scanner?  I am downloading
> an eval now, but a brief eval isn't like months of relying on in in spot
> situations.  I want a product that will let me identify many protocols,
> group conversations easily, and provide decent reporting, on Ethernet.  I
> don't know that I can't live without live decoding, but it seems very useful
> (and cool).  I *don't* want a product that requires me to read the manual if
> I haven't used it in a month.

I am the engineer who wrote or rewrote most all of the protocol decodes in the
NAI Sniffer back around 1996. I no longer work for NAI, though.

I typically use Ethereal, Microsoft's NetMon, and the NAI Sniffer, depending
upon the task. (There is no such thing as a "best" product for all users or all
tasks). Harry Saal, one of the two founders of Network General (creators of the
Sniffer, which was merged into NAI) says that he usually uses Ethereal.

The NAI Sniffer gives you the most complete and best protocol decodes. It also
has a real-time "expert" sniffer that will point out network faults in
real-time. However, the user-interface has become less polished over the years,
and is actively user hostile at times -- though part of this comes from the
fact that it has the most features (typically, the more feature rich, the more
difficult simple tasks become).

Microsoft's NetMon provides better decodes of some Microsoft-specific protocols
(though not always, sometimes NAI Sniffer and Ethereal point out things better
than NetMon). It's feature set is basic, it's user interface is simple. It
comes "free" with the "Server" version.

There is likely no task that you cannot complete using Microsoft's NetMon and
Ethereal. I suggest you play around with these two and learn sniffers a bit
before paying money. I mean, I get to use any sniffer I want, but I use these
two more than half the time.

You might find this helpful in learning about sniffers:
http://www.robertgraham.com/pubs/sniffing-faq.html



__________________________________________________
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards