[ale] Packet sniffer

Jonathan Rickman jonathan at xcorps.net
Mon May 20 16:23:46 EDT 2002


On Mon, 20 May 2002, Thompson Freeman wrote:

> I'm sure if I thought more about it, I could come up with potiential
> reasons Win9x is not a good choice. Rather than guessing, however, would
> you like to expand on your assertion? (I'd be happy to trust you if I were
> packet sniffing. I'm not - I'm attempting to understand the percieved
> strengths/weaknesses of various computer technologies.)

The main problem with using ethereal on Win9x is stability. Large captures
on a fairly busy network tend to cause Win9x (regardless of hardware) to
choke when filtering the capture. NT and 2000 do not exhibit this
behavior. Ethereal can be quite a hog when following a long TCP stream,
regardless of the OS...but you get much better results with *nix or
NT/2000. I guess the same applies to most things though. Believe me, the
last thing you want is to lose a 24 hour capture because Windows just
crapped out on you.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list