

The difference between packet analysis and protocol analysis - rgeorge28
http://blog.wildpackets.com/2009/08/the-difference-between-packet-analysis-and-protocol-analysis.html

======
tptacek
This is marketing BS. Every company that ever pulled a raw Ethernet frame into
their code has felt the need to write some little white paper like this
explaining why THEIR way of reading raw Ethernet frames is different from all
the other ways of looking at raw Ethernet frames.

Here, you have the WildPackets people trying to position themselves as "the
company that actually looks past the first 40 bytes of the TCP segment into
the payload". Amazing. It must have cost their engineers hundreds of thousands
to figure out how to cost-effectively increment that pointer so far.

Other companies call that "deep packet inspection". Also marketing BS.

Somewhere out there is another company writing a white paper about how
important it is not only to look at packets, but also to reassemble the TCP
streams.

Somewhere else is a company trying to position themselves the other direction
by looking at NetFlow instead of packets.

Another one is trying to look at socket buffers on the server.

It just goes on and on.

Like with malware, you can't have a rational discussion (at least not with me)
about what the terminology here means. WildPackets isn't writing this to
educate you about terms; they're writing it to promote a marketing message.
All the terminology has been poisoned.

