Solutions Fast Track




Tethereal

  • Tethereal can read packets from the network or from a packet capture file.

  • Tethereal can decode and print the captured packets to screen or save them to a file.

  • One of the biggest advantages of using Tethereal is that it is highly scriptable.

  • Tethereal can apply both capture filters and display filters to the packet captures.

  • Tethereal can collect various types of statistics about the data that is being captured.

  • Like editcap, Tethereal can be used to translate capture file formats.

Editcap

  • Editcap can be used to remove packets from a capture file or to translate the format of capture files.

  • The -t option in editcap is used to apply a time adjustment to the timestamps of the packets.

  • The snapshot length can be specified with the -s option to decrease the size of each packet.

  • Editcap can specify an encapsulation type for the packets in the output file with the -T option.

Mergecap

  • Mergecap can merge several packet capture files into a single output file.

  • Mergecap can read capture files of various formats and output them to a single format.

  • By default, the packets from the input files are merged in chronological order based on each packet's timestamp. If the -a option is specified, however, packets are copied directly from each input file to the output file regardless of timestamp.

  • Mergecap can merge capture files with different encapsulation types into a single output file by using the -T option to force the output encapsulation type.

Text2pcap

  • Text2pcap reads ASCII hexadecimal dump captures and writes the data to a libpcap output file.

  • Text2pcap can insert dummy Ethernet, IP, and UDP or TCP headers.

  • The command od -t x1 will generate output that text2pcap can understand.

  • An offset of 0 indicates the beginning of a new packet.

  • Text2pcap options give you a lot of control over the dummy headers, timestamps, and encapsulation type for each packet.
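
The input format summarized above, shown as an added example (not code from the book or from text2pcap itself): a small Python parser that splits an od -t x1 style dump into packets at each offset 0 and writes them out as a libpcap file. The sample dump, the function names, the one-second timestamps and the simplified handling of trailing text are assumptions of this example.

```python
import struct

# Constructed sample in `od -t x1` layout (od prints offsets in octal by default).
SAMPLE = """\
0000000 ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01
0000020 08 00 06 04
0000024
0000000 00 11 22 33 44 55 66 77 88 99 aa bb 08 00
0000016
"""

def parse_hexdump(text, offset_base=8):
    """Split an offset-prefixed hex dump into packets; offset 0 opens a new one."""
    packets, current = [], None
    for line in text.splitlines():
        fields = line.split()
        try:
            offset = int(fields[0], offset_base)
        except (IndexError, ValueError):
            continue  # blank line or no leading offset: skip it
        if offset == 0:
            if current:
                packets.append(bytes(current))
            current = bytearray()
        if current is None or offset != len(current):
            raise ValueError(f"offset {fields[0]} does not match bytes read so far")
        for tok in fields[1:]:
            if len(tok) != 2:
                break  # trailing non-byte text (e.g. an ASCII column) ends the line
            try:
                current.append(int(tok, 16))
            except ValueError:
                break
    if current:
        packets.append(bytes(current))
    return packets

def to_pcap(packets, linktype=1, snaplen=65535):
    """Serialize packets as a little-endian libpcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for seconds, pkt in enumerate(packets):
        # Record header: ts_sec, ts_usec, captured length, original length.
        # Timestamps one second apart are this example's assumption.
        out += struct.pack("<IIII", seconds, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    pkts = parse_hexdump(SAMPLE)
    print([len(p) for p in pkts], len(to_pcap(pkts)))
```

Reading the same dump with the wrong offset radix raises an error at the second line, because the stated offset no longer matches the number of bytes already read.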






Ethereal Packet Sniffing
Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
EAN: 2147483647
Year: 2004
Pages: 105
Authors: Syngress
