Frequently Asked Questions




The following Frequently Asked Questions, answered by the authors of this book, are designed both to measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the “Ask the Author” form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. 

What is the difference between using Tethereal and editcap to translate the format of capture files?

Nothing; they both perform the same function, and both select the output format with the -F option (tethereal -r in.cap -w out.cap -F <format>, or editcap -F <format> in.cap out.cap). However, editcap is the more efficient choice for a pure format conversion, because Tethereal carries all of the protocol dissection code whereas editcap is a small program with only a few functions. You can also do the same thing in the Ethereal GUI by choosing Save As from the File menu and picking the file type there.

2. 

Can mergecap combine gzipped files?

Yes. mergecap reads its input through the same wiretap library as Ethereal and Tethereal, so gzip-compressed capture files are detected and uncompressed automatically before they are merged (provided your build includes zlib support). The merged output file itself is written uncompressed.

3. 

What types of things can I do to make scripting with Tethereal faster?

One way to make scripting with Tethereal more responsive is to use the -l option, which flushes the standard output after each packet is printed instead of waiting for the output buffer to fill. This way each packet is handed to the next program in the pipeline as soon as it has been read and dissected, rather than arriving in bursts. To reduce the actual work per packet, use the -n option to disable network object name resolution (DNS lookups in particular can stall the output); if you only need some kinds of resolution, -N lets you enable them selectively.

4. 

Can I use filters to specify what packets to remove with editcap?

No. editcap does not understand filters; it selects packets only by packet number or by ranges of packet numbers, so you must already know which packet numbers you want to include in or exclude from the output capture file. To cut a file by content, use Tethereal instead: read the capture file with -r, apply a read filter with -R, and write the matching packets to a new capture file with -w, for example tethereal -r in.cap -R "tcp.port == 80" -w out.cap.
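The two points made in questions 2 and 4 are easier to see against a concrete file layout. The following is an added example, not code from the book or from the Ethereal project: a minimal reader and writer for the classic libpcap capture format in Python that gunzips an input when it sees the gzip magic bytes, merges files in timestamp order the way mergecap does by default, and then selects packets either by packet number (all editcap can do) or by a content predicate (what a Tethereal read filter does). The sample frames, timestamps and the port-80 predicate are constructed for the example; pcapng and other wiretap formats are not handled.

```python
"""Added example (not the book's code): a minimal libpcap reader/writer showing
mergecap-style merging of plain or gzipped inputs (detected by magic bytes) and
editcap-style selection by packet number versus tethereal-style selection by a
filter on packet contents. Classic libpcap only; sample frames are constructed."""
import gzip
import struct

LE_MAGIC, BE_MAGIC = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"  # 0xa1b2c3d4 on disk
GZIP_MAGIC = b"\x1f\x8b"
LINKTYPE_ETHERNET = 1


def open_capture(data: bytes) -> bytes:
    """Return raw pcap bytes, gunzipping transparently as wiretap does."""
    return gzip.decompress(data) if data[:2] == GZIP_MAGIC else data


def read_pcap(data: bytes):
    """Parse a libpcap file into (linktype, [(ts_sec, ts_usec, frame), ...])."""
    raw = open_capture(data)
    if raw[:4] == LE_MAGIC:
        e = "<"
    elif raw[:4] == BE_MAGIC:
        e = ">"
    else:
        raise ValueError("not a classic libpcap file")
    # global header after the magic: version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(e + "HHiIII", raw[4:24])[5]
    packets, off = [], 24
    while off < len(raw):
        hdr = raw[off:off + 16]
        if len(hdr) < 16:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(e + "IIII", hdr)
        frame = raw[off + 16:off + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append((ts_sec, ts_usec, frame))
        off += 16 + incl_len
    return linktype, packets


def write_pcap(linktype: int, packets, snaplen: int = 65535) -> bytes:
    """Serialise packets as a little-endian libpcap 2.4 file."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return bytes(out)


def merge_captures(*files: bytes) -> bytes:
    """mergecap default behaviour: chronological merge; libpcap stores one linktype per file."""
    linktype, merged = None, []
    for f in files:
        lt, pkts = read_pcap(f)
        if linktype not in (None, lt):
            raise ValueError("mixed link types cannot be stored in one libpcap file")
        linktype = lt
        merged.extend(pkts)
    merged.sort(key=lambda p: (p[0], p[1]))
    return write_pcap(linktype, merged)


def select_by_number(data: bytes, keep) -> bytes:
    """editcap-style: packets are addressed only by their 1-based position in the file."""
    lt, pkts = read_pcap(data)
    return write_pcap(lt, [p for i, p in enumerate(pkts, 1) if i in keep])


def select_by_filter(data: bytes, predicate) -> bytes:
    """tethereal -R style: the keep/drop decision is made from each packet's contents."""
    lt, pkts = read_pcap(data)
    return write_pcap(lt, [p for p in pkts if predicate(p[2])])


def build_tcp_frame(sport: int, dport: int) -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN with zeroed checksums (enough to filter on)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return eth + ip + tcp


def is_tcp_port_80(frame: bytes) -> bool:
    """Hand-rolled equivalent of the read filter 'tcp.port == 80' for untagged IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False
    tcp = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp + 4:
        return False
    return 80 in struct.unpack("!HH", frame[tcp:tcp + 4])


# Two constructed captures with interleaved timestamps; the second one is gzipped.
CAP_A = write_pcap(LINKTYPE_ETHERNET, [(100, 0, build_tcp_frame(40000, 80)),
                                       (102, 0, build_tcp_frame(40001, 443))])
CAP_B_GZ = gzip.compress(write_pcap(LINKTYPE_ETHERNET, [(101, 0, build_tcp_frame(53000, 22)),
                                                        (103, 0, build_tcp_frame(80, 40000))]))


def demo():
    """Merge, then keep the port-80 packets by number and by filter; both yield the same two."""
    merged = merge_captures(CAP_A, CAP_B_GZ)
    by_number = read_pcap(select_by_number(merged, {1, 4}))[1]
    by_filter = read_pcap(select_by_filter(merged, is_tcp_port_80))[1]
    return ([p[0] for p in read_pcap(merged)[1]], [p[0] for p in by_number], [p[0] for p in by_filter])


if __name__ == "__main__":
    print(demo())
```

The point of demo() is that select_by_number only reproduces the filter result because the caller already worked out that packets 1 and 4 are the port-80 ones; that lookup is exactly the step editcap cannot do for you, which is why the FAQ sends you to Tethereal's -R for content-based cuts.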







Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
Year: 2004