IDS mailing list archives

Re: Difference between Protocol Analyzers -> Packet Sniffers


From: "Jim Matthews" <jtmatthews () cox net>
Date: Sat, 27 Mar 2004 11:19:28 -0500

Are you aware that tcpdump can support protocol decoding through the use of
filters?  Using filters, one can extract any portion of data out of the
collected frames/packets.  I've used this technique to monitor
application-layer activities.

----- Original Message ----- 
From: "Eric Hines" <eric.hines () appliedwatch com>
To: <focus-ids () securityfocus com>; <lists () dshield org>
Sent: Thursday, March 25, 2004 11:32 AM
Subject: Difference between Protocol Analyzers -> Packet Sniffers


All,

Once upon a time I had a pretty heated argument between myself and another
individual on the topic of the distinction between protocol analyzers and
packet sniffers, and that they are not one and the same.

Can anyone provide me with some good points supporting this argument? E.g.
Ethereal is a protocol analyzer and Tcpdump is not...

I've only been able to articulate that protocol analyzers can conduct
protocol decoding, whereas Tcpdump cannot... Ethereal can provide information
on the different fields of the HTTP header and SSL fields.... stuff like
that.. Anyone care to jump in here and provide more meat to this argument
than this?

BRDS,
Eric Hines, GCIA
CEO, President
Applied Watch Technologies, Inc.


-------------------------------------------
Eric Hines, GCIA
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines () appliedwatch com
-------------------------------------------
Direct: (877) 262-7593 - Toll Free x327
Fax: (815) 425-2173
General: (877) 262-7593 (9am-5pm CST)
-------------------------------------------
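The two views in this thread, side by side, as an added example that is not part of either poster's message. The "sniffer" side emulates the well-known tcpdump filter idiom tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 (match four payload bytes equal to "GET " at an offset computed from the TCP data-offset field): it selects packets by comparing bytes at computed positions and knows nothing about HTTP as a protocol. The "analyzer" side walks Ethernet, IPv4 and TCP and names the HTTP request line and header fields, which is the decoding Eric describes Ethereal doing. The frame, addresses, ports and header values are constructed for the example, not taken from a real capture, and the helper names are mine.

```python
import struct

ETH_LEN = 14  # Ethernet II header length


def build_frame(method=b"GET"):
    """Assemble a constructed Ethernet II / IPv4 / TCP frame carrying an HTTP request.
    Constructed sample data: MACs, IPs, ports and IDs are made up; IP and TCP
    checksums are left as zero because nothing here verifies them."""
    http = (method + b" /index.html HTTP/1.1\r\n"
            b"Host: www.example.com\r\n"
            b"User-Agent: constructed-example\r\n"
            b"\r\n")
    # TCP: sport 40000, dport 80, seq 1, ack 1, data offset 5 words (20 bytes),
    # flags PSH|ACK (0x18), window 65535, checksum 0, urgent pointer 0.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + http
    # IPv4: version 4 / IHL 5 (0x45), DSCP 0, total length, ID, DF flag set,
    # TTL 64, protocol 6 (TCP), checksum 0, src 192.168.1.10, dst 93.184.216.34.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([93, 184, 216, 34]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp


def tcp_start(frame):
    """Offset of the TCP header: Ethernet header plus the IPv4 IHL in bytes."""
    return ETH_LEN + (frame[ETH_LEN] & 0x0F) * 4


def tcp_index(frame, offset, length):
    """Emulate tcpdump's tcp[offset:length]: an unsigned big-endian integer read
    from `length` bytes starting `offset` bytes into the TCP header."""
    start = tcp_start(frame) + offset
    return int.from_bytes(frame[start:start + length], "big")


def sniffer_filter_is_http_get(frame):
    """Sniffer-style test, equivalent to the tcpdump filter
        tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
    i.e. "the first four TCP payload bytes are 'GET '".  The data-offset field
    (high nibble of byte 12, in 32-bit words) is turned into a byte count so the
    comparison lands on the payload even when TCP options are present."""
    payload_off = (tcp_index(frame, 12, 1) & 0xF0) >> 2
    return tcp_index(frame, payload_off, 4) == 0x47455420


def analyzer_decode(frame):
    """Analyzer-style decode: walk Ethernet -> IPv4 -> TCP -> HTTP and return the
    named fields a protocol analyzer would display."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    if frame[ETH_LEN + 9] != 6:
        raise ValueError("not TCP")
    ts = tcp_start(frame)
    sport, dport = struct.unpack("!HH", frame[ts:ts + 4])
    data_off = (frame[ts + 12] >> 4) * 4
    payload = frame[ts + data_off:]
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("ascii")
    return {
        "src_ip": ".".join(str(b) for b in frame[ETH_LEN + 12:ETH_LEN + 16]),
        "dst_ip": ".".join(str(b) for b in frame[ETH_LEN + 16:ETH_LEN + 20]),
        "src_port": sport,
        "dst_port": dport,
        "method": method.decode("ascii"),
        "path": path.decode("ascii"),
        "version": version.decode("ascii"),
        "headers": headers,
    }


if __name__ == "__main__":
    frame = build_frame()
    print("filter matches GET:", sniffer_filter_is_http_get(frame))
    print("filter matches POST frame:", sniffer_filter_is_http_get(build_frame(b"POST")))
    print("decoded fields:", analyzer_decode(frame))
```

The byte-offset filter is exactly the kind of thing Jim describes: a filter expression can reach any byte in the frame and so can select packets on application-layer content, but the operator has to know the offsets and encode the field values by hand, and a request whose method is not "GET" simply fails the match. The decoder, by contrast, carries the protocol knowledge itself and returns named fields for any request, which is the distinction Eric is trying to draw.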
