debugging.html

SDK FAQ集

to be trapped in 1988. However, it is easier to evaluate than Snooper,
as the demo will capture up to 64K of network data with the exception
that every eighth packet is intentionally overwritten with garbage.
		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>Long, long ago, version unknown</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/3socket.gif" alt="*" width=96 height=32></td>
	</tr>
</table>

<hr noshade size=1>




<a name="monet"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://www.mg-soft.com/monetla.html">MONET LAN Analyzer</a></td>
	<tr>

	<tr>
		<td valign=top><b>Vendor:</b></td>
		<td>MG-SOFT</td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>DOS</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>Text graphics</td>
	</tr>

	<tr>
		<td valign=top><b>Price:</b></td>
		<td>$90-120, depending on the version</td>
	</tr>

	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td>Commercial</td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
MONET comes in three versions, a $90 LITE version which is
suitable for network developers and a $120 version aimed at network
administrators.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

The demo version of the LITE package is almost fully functional, but it
does not appear able to save data to disk. The full version also has
a demo version, but it can only work with the canned data that comes
with it.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

The LITE package appears to be fairly featureful, though its relatively
modern interface (think Borland C++ 3.1) is nevertheless somewhat
clumsy. That pales in importance, however, in comparison to the product's
stability, or lack thereof. I was able to easily lock the LITE demo
up twice, and when I tried throwing a 58MB file transfer at it, the
program crashed badly enough to cause the machine to reboot before I
could walk back into the other room to see how MONET was handling the
data! This could be because I was running it on an old 286, but Gobbler,
Snooper and PacketView all ran without a hiccup on this machine under
similar conditions.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

My advice: if you're really so strapped for cash that you can't afford
one of the other two DOS payware offerings, you should save your nickles
and go with Gobbler, or put Linux on that DOS box and load one of the
many free Unix/Linux sniffers.
		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>Long, long ago, version unknown</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/1socket.gif" alt="*" width=32 height=32></td>
	</tr>
</table>

<hr noshade size=1>




<a name="tcpdump"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="ftp://ftp.ee.lbl.gov/tcpdump.tar.Z">tcpdump</a></td>
	<tr>

	<tr>
		<td valign=top><b>Author:</b></td>
		<td>Network Research Group, Lawrence Berkeley National Laboratory</td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Unix</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>Text</td>
	</tr>


	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td>BSD</td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
tcpdump does TCP-level decoding and precious little more. It is
optimized for showing only "header-level" information like the TCP
flags and such. Getting frame information out of TCP dump is not
worth the effort. (See <a href="#Ethereal">Ethereal</a> below below
for a better way.) tcpdump is good for ad-hoc debugging, especially if
you've got easy access to a Unix box on the LAN. tcpdump depends on <a
href="ftp://ftp.ee.lbl.gov/libpcap.tar.Z">libpcap</a>.

		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>April 10, 2000, version 3.4</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/3socket.gif" alt="*" width=96 height=32></td>
	</tr>
</table>

<hr noshade size=1>




<a name="WinDump"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://netgroup-serv.polito.it/analyzer/">Analyzer, WinDump and WinPCap</a></td>
	<tr>

	<tr>
		<td valign=top><b>Author:</b></td>
		<td>Piero Viano, Paolo Politano and Loris Degioanni</td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Win32</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>GUI and text interfaces</td>
	</tr>


	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td>Freeware</td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
Analyzer is a GUI built on top of <a
href="http://netgroup-serv.polito.it/winpcap/">WinPCap</a>,
a port of libpcap to Windows. They have also ported <a
href="#tcpdump">tcpdump</a> to Windows, calling it <a
href="http://netgroup-serv.polito.it/windump/install/">WinDump</a>.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

The GUI is top-flight, both from a usability and a features
standpoint. The only thing really lacking is that the documentation
is still in Italian. The menu items and dialogs are translated into
English, however.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

Source code is apparently only available for WinDump and WinPCap. See <a
href="#Ethereal">Ethereal</a>, below, for a WinPCap-compatible sniffer
whose code <i>is</i> available.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

WinPCap is a reasonable way to get low-level network access in your own
programs, especially if you don't want to spend any money.  Buying one
of <a href="libraries.html#PCAUSA">PCAUSA</a>'s kits is probably a better
choice if your time isn't free, though.
		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>4/10/2000, version 2.02</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/5socket.gif" alt="*" width=160 height=32></td>
	</tr>
</table>

<hr noshade size=1>




<a name="Ethereal"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://ethereal.zing.org/">Ethereal</a></td>
	<tr>

	<tr>
		<td valign=top><b>Author:</b></td>
		<td><a href="http://ethereal.zing.org/introduction.html#authors">Many people!</a></td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Unix, Win32</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>GUI</td>
	</tr>


	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td><a href="http://www.gnu.org/copyleft/gpl.html">GPL</a></td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
Ethereal is the <a href="#tcpdump">tcpdump</a> GUI that we all knew the
Open Source community could develop. It still has a ways to go before
it can beat the best GUI sniffers in the Windows world but it has some
very big advantages.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

Feature-wise, it is roughly comparable to <a href="#WinDump">Analyzer</a>,
above. Analyzer has a more polished UI, but Ethereal understands more
protocols, allows for user-written protocol dissectors, and comes with
source code. It's also more portable.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

Ethereal can read raw tcpdump capture files. This is a really nice
feature when you're remotely debugging a network problem: you can be
dialed into to a Unix box at a remote customer site and run tcpdump to
capture some network traffic to a file, then download it and look at it
with Ethereal. I've used this feature a time or two, and it sure beats
a $600 round-trip plane ticket to the customer's site!
		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>January 2000, version 0.80</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/5socket.gif" alt="*" width=160 height=32></td>
	</tr>
</table>

<hr noshade size=1>




<a name="FreeCap"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://www.geocities.com/SiliconValley/8979/FreeCapR2.html">FreeCap</a></td>
	<tr>

	<tr>
		<td valign=top><b>Author:</b></td>
		<td><a href="mailto:arton@geocities.co.jp">arton@geocities.co.jp</a></td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Windows NT 4.0</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>GUI</td>
	</tr>


	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td><a href="http://www.gnu.org/copyleft/gpl.html">GPL</a></td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
FreeCap is the same sort of thing as <a href="#WinDump">Analyzer</a>,
above: a free network driver and packet capture GUI.<img src="../bitmaps/dot-clear.gif" alt="" width=1 height=30 align=top> <br clear=all>

It was a good idea when it came out, but Analyzer's done the same
thing, better: the GUI is far nicer, and its network driver offers
the standard libpcap programming interface. Granted, Analyzer doesn't
include source for its GUI, but if you need that, you can get <a
href="#Ethereal">Ethereal</a> which also works with the WinDump driver.
		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>Long, long ago, version unknown</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/2socket.gif" alt="*" width=64 height=32></td>
	</tr>
</table>

<hr noshade size=1>




<a name="Sniffit"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://reptile.rug.ac.be/~coder/sniffit/sniffit.html">Sniffit</a></td>
	<tr>

	<tr>
		<td valign=top><b>Author:</b></td>
		<td>Brecht Claerhout</td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Unix</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>Text</td>
	</tr>


	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td>Freeware</td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
Sniffit is a Unix packet sniffer similar to tcpdump. Sniffit differs in
that it only dumps the data inside the TCP frames. It dumps this data to
files, two per logical connection, one for each direction. Each file is
just a raw data dump: there is no timing or sequencing information in
the files. This makes Sniffit mainly useful for verifying that your
program is sending the intended data, and that the remote machine is
replying correctly.
		</td>
	</tr>

	<tr>
		<td valign=top><b>Date&nbsp;tried:</b></td>
		<td>Long, long ago, version 0.3.5</td>
	</tr>

	<tr>
		<td valign=top><b>Rating:</b></td>
		<td><img src="bitmaps/3socket.gif" alt="*" width=96 height=32></td>
	</tr>
</table>

<hr noshade size=1>



</ul>

<h5>Winsock Shims:</h5>

<ul>


<a name="TracePlus"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://www.sstinc.com/winsock.html">TracePlus/Winsock</a></td>
	<tr>

	<tr>
		<td valign=top><b>Vendor:</b></td>
		<td>Systems Software Technology, Inc.</td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Win16, Win32</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>GUI</td>
	</tr>

	<tr>
		<td valign=top><b>Price:</b></td>
		<td>$150 for Win32 only, $210 for Win16 and Win32</td>
	</tr>

	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td>Commercial</td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
TracePlus/Winsock is a Winsock shim for all combinations of Win32, Win16,
Winsock 1.1 and Winsock 2. This appears to be the most powerful product
of its kind, and seems like a good value as well. It is reportedly more
powerful than a simple Winsock DLL replacement because it uses proprietary
technology to hook into the existing DLL, allowing it to monitor a
greater variety of network activities than a simple DLL replacement can.

		</td>
	</tr>


</table>

<hr noshade size=1>




<a name="SocktSpy"></a>
<table cellspacing=0 cellpadding=5 border=0>
	<tr>
		<td valign=top><b>Package:</b></td>
		<td><a href="http://www.win-tech.com/html/socktspy.htm">SocktSpy</a></td>
	<tr>

	<tr>
		<td valign=top><b>Vendor:</b></td>
		<td>WinTECH</td>
	</tr>	

	<tr>
		<td valign=top><b>Platform(s):</b></td>
		<td>Win32 and Win16</td>
	</tr>

	<tr>
		<td valign=top><b>User&nbsp;interface:</b></td>
		<td>GUI</td>
	</tr>

	<tr>
		<td valign=top><b>Price:</b></td>
		<td>$60</td>
	</tr>

	<tr>
		<td valign=top><b>Licensing:</b></td>
		<td>Commercial</td>
	</tr>

	<tr>
		<td valign=top><b>Commentary:</b></td>
		<td>
SocketSpy is similar to TracePlus/Winsock, though it is cheaper and
the license price gets you both the 16 and 32-bit versions. SocketSpy
appears to work in much the same way as TracePlus, but since I haven't
reviewed either product myself, I can't recommend one over the other.
		</td>
	</tr>


</table>

<hr noshade size=1>


</ul>

		</td>
	</tr>
</table>


<!--  ---- Document Footer ----  -->

<hr noshade size=1 color=#404040>

<table cellpadding=5 cellspacing=0 border=0 width=95% align=center> 
	<tr>
		<td align=left>
		    <a href="../resources/sdks.html">&lt;&lt; SDKs and Specifications</a>
		</td>

		<td align=right>
		    <a href="../resources/misc.html">Miscellaneous Resources &gt;&gt;</a>
		</td>
	</tr>

	<tr>
		<td align=left>
			<i>Last modified on 29 April 2000 at 15:52 UTC-7</i>
		</td>

		<td align=right>
			<font size=-1>Please send corrections to <a href="mailto:tangent@cyberport.com">tangent@cyberport.com</a>.</font>
		</td>
	</tr>	
</table>	

<table cellpadding=5 cellspacing=0 border=0 width=95% align=center> 
	<tr>
		<td align=left width=33%>
			<font size=-1>
				<a href="../index.html"><b>&lt;</b> Go to the main FAQ page</a>
			</font>
		</td>

		<td width=33%>
			<font size=-1>
			<center>
				<a href="http://www.cyberport.com/~tangent/programming"><b>&lt;&lt;</b> Go to my Programming pages</a>
			</center>
			</font>
		</td>

		<td align=right width=33%>
			<font size=-1>
				<a href="http://www.cyberport.com/~tangent/"><b>&lt;&lt;&lt;</b> Go to my Home Page</a>
			</font>
		</td>
	</tr>	
</table>	


</body>
</html>