[10398] in bugtraq


Re: X-based sniffer-netxmon

daemon@ATHENA.MIT.EDU (Zhang Qianli)
Fri Apr 30 14:37:23 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.SOL.3.91.990430131959.9288A-100000@public>
Date: 	Fri, 30 Apr 1999 13:27:36 +0900
Reply-To: Zhang Qianli <zhang@PUBLIC.BJNET.EDU.CN>
From: Zhang Qianli <zhang@PUBLIC.BJNET.EDU.CN>
X-To:         route@RESENTMENT.INFONEXUS.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19990429184415.1646.qmail@resentment.infonexus.com>

On Thu, 29 Apr 1999 route@RESENTMENT.INFONEXUS.COM wrote:

>     Ethereal, http://ethereal.zing.org, is a stable portable network
>     traffic analyzer running on top of tcpdump that sports a nice GTK-based
>     interface.
>
>     Oh yah.  Use libnet.  http://www.packetfactory.net/libnet
>
> --
--snip--
  I should say that there are two kinds of sniffer in my mind. One kind
is packet-based, which means it analyses every packet and shows its header
and content. Tcpdump and Ethereal are such. They are best used as network
behavior analysis tools. Another kind of sniffer is session-based; they
neglect the packet header and only pay attention to what *content* is going
through the network. They can be used for intrusion detection, security
checks or just for fun; sniffit and this netxmon are such.
  BTW, there is a negligence of mine. I forgot the fact that I have installed
libpcap on every test system of mine! So if some guy finds an error message
complaining that it cannot find net/bpf.h, please copy
libpcap-possiblymodified/net/bpf.h to /usr/include/net/, or you can
redownload it; I have fixed this. Many thanks to Chris Riley and Gary Truslow
for noticing this.

Zhang
