"Jeff Stampes" wrote:
"Hawley, Rob" wrote:
The filer itself is a good line analyzer ( using pktt). We regularly use
it
when line traces are required at customer sites.
Didn't know about this before...now is there a way we can analyze the file
it
dumps on our own?
Get ethereal , from http://ethereal.zing.org/ -- it's open source, and includes links under downloads for binary distributions for Win32 and a variety of Unix distribs.
The Win32 distribution includes "editcap.exe" to convert from libpcap/tcpdump formats to a variety of commercial analyzers.
...walt... Disclaimer: StorageNetworks is astute enough to ignore my opinions, so there is no way I'm able to speak officially for the company.....
Get ethereal , from http://ethereal.zing.org/ -- it's open source, and includes links under downloads for binary distributions for Win32 and a variety of Unix distribs.
...although its SMB dissection isn't yet as complete as that of, say, Microsoft Network Monitor. Fortunately...
The Win32 distribution includes "editcap.exe" to convert from libpcap/tcpdump formats to a variety of commercial analyzers.
...one of those formats is Network Monitor format (which the library that Ethereal, Tethereal, and editcap use can also read).
editcap source comes with the Ethereal source distribution, and is probably in at least some of the UNIX binary distributions.
Note, though, that not all of the UNIX binary distributions are the latest version of Ethereal; for example, the one at sunfreeware.com for Solaris 8/SPARC is just 0.8.4, but Ethereal is up to 0.8.12 at this point.
pktt files can, of course, also be read by anything *else* that can read tcpdump files.
I know there is some NetApp talent on the Ethereal team. Any chance of a protocol dissector for NDMP? =)
-- Jeff
-- ---------------------------------------------------------------------------- Jeff Krueger E-Mail: jeff@qualcomm.com Senior Engineer Phone: 858-651-6709 NetApp Filers / UNIX Infrastructure Fax: 858-651-6627 QUALCOMM, Inc. IT Engineering Web: www.qualcomm.com
On Tue, Oct 03, 2000 at 12:46:57AM -0700, Guy Harris wrote:
Get ethereal , from http://ethereal.zing.org/ -- it's open source, and includes links under downloads for binary distributions for Win32 and a variety of Unix distribs.
...although its SMB dissection isn't yet as complete as that of, say, Microsoft Network Monitor. Fortunately...
The Win32 distribution includes "editcap.exe" to convert from libpcap/tcpdump formats to a variety of commercial analyzers.
...one of those formats is Network Monitor format (which the library that Ethereal, Tethereal, and editcap use can also read).
editcap source comes with the Ethereal source distribution, and is probably in at least some of the UNIX binary distributions.
Note, though, that not all of the UNIX binary distributions are the latest version of Ethereal; for example, the one at sunfreeware.com for Solaris 8/SPARC is just 0.8.4, but Ethereal is up to 0.8.12 at this point.
pktt files can, of course, also be read by anything *else* that can read tcpdump files.
-
Guy Harris -
Jeffrey Krueger -
Weber, Walter