IDS mailing list archives

RE: Difference between Protocol Analyzers -> Packet Sniffers


From: "Palmer, Paul (ISSAtlanta)" <PPalmer () iss net>
Date: Sat, 27 Mar 2004 11:20:37 -0500

In my opinion, one key distinction is that protocol analyzers tend to be stateful and are typically able to use 
information from one packet to analyze another that is part of the same context whereas packet sniffers typically 
analyze each packet in isolation if they analyze it at all.

-----Original Message-----
From: Eric Hines [mailto:eric.hines () appliedwatch com]
Sent: Thursday, March 25, 2004 11:33 AM
To: focus-ids () securityfocus com; lists () dshield org
Subject: Difference between Protocol Analyzers -> Packet Sniffers


All,

Once upon a time I had a pretty heated argument between myself and another
individual on the topic of distinction between protocol analyzers and packet
sniffers, and that they are not one and the same.

Can anyone provide me some good points on supporting this argument? E.g.
Ethereal is a protocol analyzer and Tcpdump is not... 

I've only been able to articulate that Protocol Analyzers can conduct protocol
decoding, whereas Tcpdump can not... Ethereal can provide information on the
different fields of the HTTP header and SSL fields.... stuff like that.. Anyone
care to jump in here and provide more meat to this argument than this?

BRDS,
Eric Hines, GCIA
CEO, President
Applied Watch Technologies, Inc.


-------------------------------------------
Eric Hines, GCIA
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines () appliedwatch com
-------------------------------------------
Direct: (877) 262-7593 - Toll Free x327
Fax: (815) 425-2173
General: (877) 262-7593 (9am-5pm CST)
-------------------------------------------
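
Added example, not part of either message above: a small Python sketch of the stateful-versus-per-packet distinction drawn in the reply, using one HTTP request split across TCP segments. The segment tuples, addresses and function names are constructed for illustration, and the reassembly is simplified (it starts at the lowest sequence number seen and does not handle overlapping segments).

```python
from collections import defaultdict

# Constructed sample: one HTTP request split across three TCP segments,
# delivered out of order with one retransmission.
# Assumed tuple layout: (src, sport, dst, dport, seq, payload)
SEGMENTS = [
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1000, b"GET /index.html HT"),
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1037, b"le.test\r\nUser-Agent: demo\r\n\r\n"),
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1018, b"TP/1.1\r\nHost: examp"),
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1018, b"TP/1.1\r\nHost: examp"),  # retransmit
]

def parse_http_request(data):
    """Decode request line and headers; None unless the header block is complete."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "uri": parts[1], "headers": headers}

def per_packet_view(segments):
    """Each payload is decoded in isolation, with no memory of earlier packets."""
    return [parse_http_request(seg[5]) for seg in segments]

def stateful_view(segments):
    """Keep per-flow state, reassemble by sequence number, then decode the stream."""
    flows = defaultdict(dict)
    for src, sport, dst, dport, seq, payload in segments:
        flows[(src, sport, dst, dport)].setdefault(seq, payload)  # drop retransmits
    decoded = {}
    for flow, chunks in flows.items():
        stream, expected = b"", min(chunks)  # simplification: no SYN tracking
        for seq in sorted(chunks):
            if seq != expected:  # gap: do not decode across missing bytes
                break
            stream += chunks[seq]
            expected += len(chunks[seq])
        decoded[flow] = parse_http_request(stream)
    return decoded

if __name__ == "__main__":
    print("per-packet:", per_packet_view(SEGMENTS))
    print("stateful:  ", stateful_view(SEGMENTS))
```

No single segment yields a decodable request, while the reassembled flow yields the method, URI and Host header.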





