> "tcpdump is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Ethereal Wireshark, but I believe this to usually be a mistake."
> "When using a tool that displays network traffic in a more natural (raw) way, the burden of analysis is placed directly on the human rather than the application. This approach cultivates continued and elevated understanding of the TCP/IP suite, and for this reason I strongly advocate using tcpdump instead of other tools whenever possible."
What a load of nonsense. There is nothing inherently better about using tcpdump over Wireshark other than its ubiquity.
The idea that using Wireshark somehow robs you of insight into what your network activity is has no basis in reality. You're just as capable of viewing the raw network data in Wireshark as you are by using tcpdump. Wireshark may make it easier to analyse data, but you still have to know what you're working with to make good decisions when filtering and analysing network data. Furthermore, if you feel like you have to use the command line, tcpdump and Tshark (Wireshark on the command line) are very similar. Lastly, if you've got a network capture made using tcpdump, you can open it with Wireshark/Tshark. There's literally nothing that makes tcpdump the superior tool; they're complementary.
Yeah, that's what I mean about them being complementary: tcpdump being useful to create the initial capture on a remote host, and Wireshark being useful to sift through it.