In Ethereal Packet Sniffing, 2004

Introduction

When capturing packets from a network interface, Ethereal's default behavior is to capture all packets that the operating system's device driver provides. On a lightly loaded home network this is not a problem, but on a busy network at a large enterprise, the deluge of packets would prove too much for the user to handle. Ethereal provides capture filters, which allow you to capture only the packets which you are interested in. By using capture filters, the operating system (OS) sends only selected packets to Ethereal for processing.

Once your packets are loaded into Ethereal, there still may be too many packets for you to easily focus on the problem you're trying to solve. For this situation Ethereal provides display filters, which allow you to specify which packets are shown in Ethereal's Graphical User Interface (GUI). As all of the packets are still in memory, they will once again become visible when you reset your display filter.

The reason that there is a distinction between capture filters and display filters is not due to their different uses, but instead to how they are implemented in Ethereal. The Ethereal program does not know how to capture packets from network interfaces by itself. Instead, it relies on a program library to do the packet capturing. On UNIX this library is pcap (also known as libpcap), maintained by the same group that develops tcpdump, the venerable UNIX command-line sniffer available at. On Windows, this library is WinPcap, a device driver and dynamic link library (DLL) that provides a pcap interface for Windows programs. For convenience, we'll refer to pcap and WinPcap simply as pcap, since for our purposes they are operationally equivalent. It is the pcap library that provides the capture-filtering mechanism to Ethereal. The pcap library provides a very fast filtering engine, which is important because running a filter on a packet uses processing power from your computer. The packet data has to be analyzed to determine if it passes the filter condition.
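To make the per-packet cost of a capture filter concrete, the following added example (not from the book or from pcap's source) interprets a small BPF-style program of the kind pcap compiles a filter expression into. The program is hand-written for the expression `ip and tcp dst port 80`; the names `PROG`, `run_filter` and `frame`, and the sample frames, are constructed for illustration.

```python
import struct

# Hand-written BPF-style program for "ip and tcp dst port 80" (constructed for
# this example). Entry = (op, k, jt, jf); jt/jf are relative forward skips.
PROG = [
    ("ldh_abs", 12, 0, 0),    # A = EtherType
    ("jeq", 0x0800, 0, 8),    # IPv4? otherwise jump to reject
    ("ldb_abs", 23, 0, 0),    # A = IP protocol field
    ("jeq", 6, 0, 6),         # TCP? otherwise jump to reject
    ("ldh_abs", 20, 0, 0),    # A = IP flags + fragment offset
    ("jset", 0x1FFF, 4, 0),   # non-first fragment has no TCP header: reject
    ("ldx_msh", 14, 0, 0),    # X = 4 * (IP header length nibble)
    ("ldh_ind", 16, 0, 0),    # A = halfword at X + 16 = TCP destination port
    ("jeq", 80, 0, 1),        # port 80? otherwise jump to reject
    ("ret", 262144, 0, 0),    # accept: deliver up to 262144 bytes
    ("ret", 0, 0, 0),         # reject: the sniffer never sees the packet
]

def run_filter(prog, pkt):
    """Return the number of bytes to keep; 0 means the packet is dropped."""
    a = x = pc = 0
    while pc < len(prog):
        op, k, jt, jf = prog[pc]
        pc += 1
        try:
            if op == "ldh_abs":
                a = struct.unpack_from("!H", pkt, k)[0]
            elif op == "ldb_abs":
                a = pkt[k]
            elif op == "ldh_ind":
                a = struct.unpack_from("!H", pkt, x + k)[0]
            elif op == "ldx_msh":
                x = 4 * (pkt[k] & 0x0F)
            elif op == "jeq":
                pc += jt if a == k else jf
            elif op == "jset":
                pc += jt if a & k else jf
            else:  # "ret"
                return k
        except (struct.error, IndexError):
            return 0  # a load past the end of the packet rejects it
    return 0

def frame(ethertype, proto=6, dport=80, frag=0):
    # Constructed Ethernet + IPv4 + TCP frame; addresses and ports are samples.
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp
```

A frame for which `run_filter` returns 0 is discarded before it reaches the application, which is why a capture filter, unlike a display filter, cannot be reset later to bring those packets back.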