[ipv6hackers] Question on tools use to monitor fragmented packet attacks

Fernando Gont fgont at si6networks.com
Sun Apr 14 03:07:42 CEST 2013


On 04/13/2013 05:44 PM, Owen DeLong wrote:
> I've found tcpdump to be a much easier and more versatile tool for this purpose as well.
> 
> TCPdump's cleverness is usually a bit less "overly-clever" than wireshark and it seems to do a better job of noticing what is wrong and flagging it.

+1

Although there's stuff that it catches.. and, more importantly, it lags
behind wireshark when it comes to support of some IPv6/ND options (e.g.,
last time I checked it didn't support RDNSS).

For the general case, Wireshark's cleverness is sometimes close to
insane :-) .. whereas tcpdump shows you "exactly what you need".

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






