Jose,
you are doing it again ... dont you mean tcp sessions.
IP doesn't keep track of session control...TCP does this
also though accepted speech seems to lump them together, it isnt
always true..
example ospf link state 5 (lsa) use IP but not TCP whereas BGP does use ride
a TCP and is listened to on port . The 2 protocols are NOT
in same layer of the OSI stack. dont confuse newbiews with generalities
which get repeated and cause embarassment later.
sniffing only teaches one how to sniff as the purpose becomes to
capture traffic as opposed to protocol behavior.
i dont object to sniffers but i can take them or leave them as i can use the
tools around me...
also if you dont have access to routers what do you care whether cdp is
enabled and if you do its braindead easy to tell if it is.
come on, Joe, come better than that.
i can watch the incrementals of any loggable traffic against access-list
counts on my cisco extended lists, combined with
loghost analysis (this is a netsec list isnt it?), you can figure it
out,,,hell the console log of a router will divulge if certain traffic even
gre tunnels are passing traffic.
un*x is a toolbox and what you dont have you can certainly build.
if you are using m$ winbloze, too bad.
piranha...
>From: Jose Nazario <[EMAIL PROTECTED]>
>Subject: Re: Sniffers
>Date: Thu, 12 Apr 2001 08:07:30 -0400 (EDT)
>
>On Thu, 12 Apr 2001, HUNGRY PIRANHA wrote:
>
> > q&a,,,why do all of us so-called experts recommend gadgets instead of
> > tried & true debugging tools
>
>because of features not available in tcpdump, for example, like protocol
>decodes (ie CDP in ethereal).
>
> > ping,traceroute,tcpdump are extremely usefull still...
>
>last time i looked ping can't do a layer 2 ping. traceroute was UDP only
>on my UN*X boxen, and maybe i have to do some TCP or GRE path tracing.
>
>what's a real bummer is the -X option in tcpdump seems to be OpenBSD
>specific. i haven't yet found a regular version that has that on Linux.
>
> > netstat just about spills its gut try to give you info in connection
> > status. new guys ...learn how the basic stuff works first...
>
>sure, but a good sniffer will help them learn how IP sessions work. when
>they're trying to learn how a three way handshake works, they shouldn't
>have to worry about hex -> ASCII conversions.
>
>____________________________
>jose nazario [EMAIL PROTECTED]
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
