sniffers

Chris Brenton cbrenton at chrisbrenton.org
Mon Apr 26 06:40:01 EDT 2004


On Sun, 2004-04-25 at 23:06, Hewitt Tech wrote:
>
> One thing that might affect which tool you decide to use - if you need an
> intrusion detection system, you might want to use snort.

Actually, tcpdump, Ethereal and Snort (in binary mode) will all use the
same file format. So you can capture with one and review with the other
two.

I would tell your friend to play with all three and see which one they
like best. I find each has its strengths and weaknesses depending on
the situation. Also, I would add ngrep to the list as sometimes you want
to key in on the payload content.

HTH,
Chris
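
An added illustration, not part of the original post: the format the three tools share is the classic libpcap capture file, a 24-byte global header followed by per-packet records. The Python reader below parses such a file in either byte order and then does an ngrep-style regex match on the captured bytes; the function names and the two-packet sample capture are constructed for this example.

```python
import re
import struct

# Classic libpcap file: 24-byte global header, then per-packet records.
# The magic number 0xa1b2c3d4 also tells the reader the writer's byte order.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(data):
    """Return (linktype, [(ts_sec, frame_bytes), ...]) from capture bytes."""
    end = MAGIC.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic libpcap capture")
    # Fields after the magic: version major/minor, thiszone, sigfigs,
    # snaplen, link type (1 = Ethernet).
    linktype = struct.unpack(end + "HHiIII", data[4:24])[5]
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        # Record header: ts_sec, ts_usec, captured length, original length.
        ts_sec, _usec, incl_len, _orig = struct.unpack(
            end + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet data")
        packets.append((ts_sec, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

def grep_packets(packets, pattern):
    """ngrep-style: indexes of packets whose bytes match a bytes regex."""
    rx = re.compile(pattern)
    return [i for i, (_, frame) in enumerate(packets) if rx.search(frame)]

def build_sample(end="<"):
    """Constructed two-packet capture (placeholder frames, not real traffic)."""
    out = struct.pack(end + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = ((1082975000, b"\x00" * 14 + b"GET /index.html HTTP/1.0\r\n"),
              (1082975001, b"\x00" * 14 + b"USER anonymous\r\n"))
    for ts, frame in frames:
        out += struct.pack(end + "IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    linktype, pkts = read_pcap(build_sample())
    print("link type", linktype, "packets", len(pkts))
    print("payload matches:", grep_packets(pkts, rb"USER \w+"))
```
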








More information about the gnhlug-discuss mailing list