[CALUG] ethernet network analyser

James Ewing Cottrell 3rd JECottrell3 at Comcast.NET
Mon Nov 14 15:43:37 EST 2011


A good book on the subject is Practical Packet Analysis...available in 
a Library Near You.

The book tells you what you need to know...from the physical (you need a 
hub or a promiscuous switch), how to use tcpdump and wireshark either 
together or separately, and cooks up some scenarios and shows how to use 
wireshark to analyze them. Thorough, but Easy to Read.

http://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593271492

JIM

P.S. There is also a curses-based tool called iptraf, which is useful in 
certain cases.

On 11/2/2011 6:41 PM, Walt Smith wrote:
> Q:
> A demo of a network session should show the protocols in
> action at the ethernet level; i.e. some screen showing
> request -->  ack ->  grant   payloads included embedded TCP/IP
> type of data.
>
> What should be used for this?  Does ethereal software get down to the
> grit level?
>
> Background;
> I believe that several software packages will sniff an ethernet card
> and be able to symbolically display REQ, ACK for protocols at
> the TCP/IP Level.  If so confirmation by a reader would be good.
>
> I don't know ( and maybe I could dig into the docs if I was
> relatively sure I was on the right track ) if the software has
> capability to get to the actual ethernet level to show the
> protocols there-- IS hardware needed such as a logic analyser
> (I've used several years ago ) or network analyser ?
>
> Case in point: ( so I hope I'm clear ).
> It is the case that software would format an IDE hard
> disk.  Hi-level.  It could check for errors, sectors etc.
> BUT -- there was a lower level -- a low level format -- that
> was generally considered to be "factory" which is where the REAL
> IDE ( or a lower set ) of instructions took place- so you
> (may have) needed to know what was going on for some reason.
> (Obviously, techs don't need that level anymore outside of
> the flooded Thai factory - you may have for forensics or
> recovery etc... )
>
> So, if one wants to observe in symbol format the real ethernet
> bittys, what would one use ?  ( is a fast PC able to get to the lowest
> levels with a NIC CHIP today, after all, 100 MBPS isn't slow.
> Perhaps it could be done on a 10 MBPS line without real
> hardware )?
>
> TECH speak:  IF the NIC is a shift register and the
> bitty's are flying in, it seems like a parallel read of the
> shift register real data is possible-- assuming the nic chip is
> designed that way.
>
>
>
>
> thx,
>
> Walt.........
> Celebrating over 14,000 emails in my Yahoo Inbox !
>
> _______________________________________________
> CALUG mailing list
> CALUG at unknownlamer.org
> http://lists.unknownlamer.org/listinfo/calug
>
