Ethereal-dev: Re: [Ethereal-dev] Re: [Ethereal-cvs] cvs commit: ethereal packet-smb.c smb.h

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Kevin <kem2@xxxxxxx>
Date: Sun, 13 Apr 2003 19:06:36 -0400
My $0.02 here.
My group of 6 basically does only protocol analysis and troubleshooting for a major ISP. We are constantly looking for new and better products. So far, Ethereal wins hands down.
For post capture analysis, nothing right now beats Ethereal / Tethereal for ease of use, completeness of decodes and flexibility. The filters are intuitive and the tcp analysis is getting better and better. Getting something fixed or a feature request done is amazingly fast, depending on the request.
The only "problem" area is the capture of frames at high data rates. For this we use ASIC based analyzers and then open the trace files with ethereal.
My favorite vendor test is to open a 9 gig trace file on FreeBSD with Ethereal. This trace has over 1.2 m sessions in it. I then offer the trace file to the vendor to try and open. So far, only Ethereal can do it. 

Thank you all very much for a fantastic project.

Kevin Mason

On Sunday, April 13, 2003, at 06:18 PM, Guy Harris wrote:


On Sun, Apr 13, 2003 at 03:12:32PM +1000, Ronnie Sahlberg wrote:
i have been told that some packet analyzers out there that are so primitive 
that they can not even
reassemble dcerpc over tcp.  is that true?   :-)


I'm curious whether there are *any* analyzers that can reassemble all
the things Ethereal can reassemble.

I think there are some things that other analyzers handle that we don't
yet handle - I think I saw Sniffer Pro reassemble the pieces of an OSI
COTP packet, for example.

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev