[CALUG] ethernet network analyser

[Walt Smith]

Q:
A demo of a network session should show the protocols in 
action at the ethernet level; i.e. some screen showing
request --> ack -> grant   payloads included embedded TCP/IP
type of data.

What should be used for this?  Does ethereal software get down to the
grit level?

Background; 
I believe that several software packages will sniff an ethernet card
and be able to symbolically display REQ, ACK for protocols at
the TCP/IP Level.  If so confirmation by a reader would be good.

I don't know ( and maybe I could dig into the docs if I was
relatively sure I was on the right track ) if the software has
capability to get to the actual ethernet level to show the 
protocols there-- IS hardware needed such as a logic analyser 
(I've used several years ago ) or network analyser ?

Case in point: ( so I hope I'm clear ).
It is the case that software would format an IDE hard
disk.  Hi-level.  It could check for errors, sectors etc.
BUT -- there was a lower level -- a low level format -- that 
was generally considered to be "factory" which is where the REAL
IDE ( or a lower set ) of instructions took place- so you 
(may have) needed to know what was going on for some reason.
(Obviously, tech's don't need that level anymore outside of
the flooded Thai factory - you may have for forensics or
recovery etc... )

So, if one wants to observe in symbol format the real ethernet
bittys, what would one use ?  ( is a fast PC able to get to the lowest
levels with a NIC CHIP today, after all, 100 MBPS isnt' slow.
Perhaps it could be done on a 10 MBPS line without real
hardware )?  

TECH speak:  IF the NIC is a shift register and the
bitty's are flying in, it seems like a parallel read of the
shift register real data is possible-- assuming the nic chip is 
designed that way.




thx,

Walt.........
Celebrating over 14,000 emails in my Yahoo Inbox !