[ipv6hackers] Question on tools use to monitor fragmented packet attacks

Fernando Gont fgont at si6networks.com
Sun Apr 14 03:07:42 CEST 2013

On 04/13/2013 05:44 PM, Owen DeLong wrote:
> I've found tcpdump to be a much easier and more versatile tool for this purpose as well.
> TCPdump's cleverness is usually a bit less "overly-clever" than wireshark and it seems to do a better job of noticing what is wrong and flagging it.


Although there's stuff that it catches.. and, more importantly, it lags
behind wireshark when it comes to support of some IPv6/ND options (e.g.,
last time I checked it didn't support RDNSS).

For the general case, Wireshark's cleverness is sometimes close to
insane :-) .. whereas tcpdump shows you "exactly what you need".

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
