Alternatives to Wireshark.

2010-01-27 Thread Christiano F. Haesbaert
Hi there,

I've always used wireshark for packet sniffing, it solved most of my needs.

First of all, I'm not questioning the why of not having a port, I've
read the previous posts (I really don't care why, don't start a
discussion).

My main need is debugging DNS packets (mDNS), and reading raw tcpdump
output isn't very easy, I need to really debug the protocol, so
something that could show me field names and values would be cool.

Right now I'm using tcpdump and accounting stuff like: ok this is the
id, so the next 2 bytes are the query type and so on... (this isn't
working :-D).

I understand I could make some script to interpret the values, but I'm
sure you guys already thought of something better.

Thanks.



Re: Alternatives to Wireshark.

2010-01-27 Thread Bryan Irvine
I like ettercap for that.

On Wed, Jan 27, 2010 at 12:23 PM, Christiano F. Haesbaert
haesba...@haesbaert.org wrote:
> Hi there,
>
> I've always used wireshark for packet sniffing, it solved most of my needs.
>
> First of all, I'm not questioning the why of not having a port, I've
> read the previous posts (I really don't care why, don't start a
> discussion).
>
> My main need is debugging DNS packets (mDNS), and reading raw tcpdump
> output isn't very easy, I need to really debug the protocol, so
> something that could show me field names and values would be cool.
>
> Right now I'm using tcpdump and accounting stuff like: ok this is the
> id, so the next 2 bytes are the query type and so on... (this isn't
> working :-D).
>
> I understand I could make some script to interpret the values, but I'm
> sure you guys already thought of something better.
>
> Thanks.



Re: Alternatives to Wireshark.

2010-01-27 Thread Stuart Henderson
On 2010-01-27, Christiano F. Haesbaert haesba...@haesbaert.org wrote:
> My main need is debugging DNS packets (mDNS), and reading raw tcpdump
> output isn't very easy, I need to really debug the protocol, so
> something that could show me field names and values would be cool.
>
> Right now I'm using tcpdump and accounting stuff like: ok this is the
> id, so the next 2 bytes are the query type and so on... (this isn't
> working :-D).

tcpdump already handles mDNS, it shouldn't be too hard to extend
and add what you're missing...