[CALUG] ethernet network analyser

Bob Overberg overberg at gmail.com
Wed Nov 2 18:57:56 EDT 2011


It's called Wireshark now. No problem sniffing at 100Mb/s or even 1Gb/s on
modern equipment, as long as you have root for promiscuous on NIC.

http://www.wireshark.org/





On Wed, Nov 2, 2011 at 6:41 PM, Walt Smith <waltechmail at yahoo.com> wrote:

>
> Q:
> A demo of a network session should show the protocols in
> action at the ethernet level; i.e. some screen showing
> request --> ack -> grant   payloads included embedded TCP/IP
> type of data.
>
> What should be used for this?  Does ethereal software get down to the
> grit level?
>
> Background;
> I believe that several software packages will sniff an ethernet card
> and be able to symbolically display REQ, ACK for protocols at
> the TCP/IP Level.  If so confirmation by a reader would be good.
>
> I don't know ( and maybe I could dig into the docs if I was
> relatively sure I was on the right track ) if the software has
> capability to get to the actual ethernet level to show the
> protocols there-- IS hardware needed such as a logic analyser
> (I've used several years ago ) or network analyser ?
>
> Case in point: ( so I hope I'm clear ).
> It is the case that software would format an IDE hard
> disk.  Hi-level.  It could check for errors, sectors etc.
> BUT -- there was a lower level -- a low level format -- that
> was generally considered to be "factory" which is where the REAL
> IDE ( or a lower set ) of instructions took place- so you
> (may have) needed to know what was going on for some reason.
> (Obviously, tech's don't need that level anymore outside of
> the flooded Thai factory - you may have for forensics or
> recovery etc... )
>
> So, if one wants to observe in symbol format the real ethernet
> bittys, what would one use ?  ( is a fast PC able to get to the lowest
> levels with a NIC CHIP today, after all, 100 MBPS isnt' slow.
> Perhaps it could be done on a 10 MBPS line without real
> hardware )?
>
> TECH speak:  IF the NIC is a shift register and the
> bitty's are flying in, it seems like a parallel read of the
> shift register real data is possible-- assuming the nic chip is
> designed that way.
>
>
>
>
> thx,
>
> Walt.........
> Celebrating over 14,000 emails in my Yahoo Inbox !
>
> _______________________________________________
> CALUG mailing list
> CALUG at unknownlamer.org
> http://lists.unknownlamer.org/listinfo/calug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.unknownlamer.org/pipermail/calug/attachments/20111102/33184b1c/attachment.htm 


More information about the CALUG mailing list