
tcpdump and pcap

I'm currently researching the packet capture utilities available on Documentum's supported platforms to aid us in diagnosing customer problems. I'm familiar with the Ethereal program, which offers a nice graphical interface capable of capturing, displaying, and reporting on captured traffic. However, installing Ethereal on some platforms can be difficult. For instance, Mac OS X requires Fink to run Ethereal. Installing additional programs such as Fink might not be acceptable in our customers' high-security environments. This is why using existing tools is highly desirable.

There are two tools available on most UNIX-based systems (including Mac OS X) that are effective at capturing and recording network traffic: 'tcpdump' and 'pcap'. Pcap stands for "Packet Capture" and is responsible for interfacing with the network adapter to sniff Ethernet traffic. Tcpdump can use pcap to capture traffic and report the information to a file or the console. The tcpdump file format is recognized by Ethereal, so customers using tcpdump can supply us with the dump file, which we can then analyze in Ethereal. The network traffic can reveal many critical details explaining why the product is not working as desired.
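To make the shared file format concrete, here is an added example (not code from the original post) that parses the libpcap file layout tcpdump writes with -w and Ethereal opens: the 24-byte global header, then a 16-byte record header per packet. The magic numbers and field layout follow the public libpcap format; the function names and the sample bytes are mine, with the sample constructed inline so it runs offline.

```python
import struct

# Sizes from the public libpcap file format that tcpdump -w writes and
# Ethereal reads: 24-byte global header, 16-byte per-packet record header.
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16

# The magic number as it appears on disk decides byte order and timestamp unit.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def parse_pcap(data: bytes):
    """Parse an in-memory libpcap capture into (link_type, [(ts, frame), ...]).

    Raises ValueError on anything malformed, so a truncated or non-pcap
    file a customer sends is reported rather than silently misread.
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("shorter than the 24-byte pcap global header")
    try:
        endian, divisor = MAGICS[data[:4]]
    except KeyError:
        raise ValueError(f"not a libpcap file (magic {data[:4].hex()})") from None
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    packets, off = [], GLOBAL_HDR_LEN
    while off < len(data):
        if len(data) - off < RECORD_HDR_LEN:
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        # incl_len is the number of bytes saved; it can never exceed the wire length.
        if incl_len > orig_len or len(data) - off < incl_len:
            raise ValueError(f"bad or truncated packet at offset {off}")
        packets.append((ts_sec + ts_frac / divisor, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

def build_sample() -> bytes:
    """Constructed sample: little-endian header, link type 1 (Ethernet),
    one 14-byte frame (dst MAC, src MAC, EtherType 0x0800) at t=1000.5s."""
    frame = bytes.fromhex("ffffffffffff" "001122334455" "0800")
    header = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1000, 500000, len(frame), len(frame))
    return header + record + frame
```

Feeding a real tcpdump -w file to parse_pcap gives the same (link_type, packets) shape; the timestamp unit is chosen from the magic number, so nanosecond captures are handled too.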