A.P. Lawrence

2005/02/18 Ethereal

Ethereal is an open source network protocol analyzer. It can analyze live data or files from an amazing number of other applications (tcpdump, snoop, Cisco iplog etc.).

One (of many) interesting features is the ability to reconstruct a tcp session in the order the application would have seen it (network bytes don't necessarily arrive in order; it's up to higher levels of the tcp stack to reconstruct them). It can also do helpful resolution translations for you: mac addresses to ip addresses, mac to manufacturer, ip addresses to dns, port numbers to names.

Free, extensible, powerful.

Comments /Words/2005_02_18.html


Sat Feb 19 01:34:35 2005: Subject:   BigDumbDinosaur
"One (of many) interesting features is the ability to reconstruct a tcp session in the order the application would have seen it (network bytes don't necessarily arrive in order; it's up to higher levels of the tcp stack to reconstruct them)."

Slight clarification: the packets don't necessarily arrive in the order transmitted. Within any given packet, the bytes will be in proper order. Otherwise, the packet CRC will be invalid.

Add your comments

Why no "Digg this!" etc.?

Lone-Tar Backup and Disaster Recovery
for Linux and Unix

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here