AnalogX PacketMon v1.0
Results 1 to 3 of 3

Thread: AnalogX PacketMon v1.0

  1. #1
    Junior Member
    Join Date
    Nov 2004
    Posts
    4

    AnalogX PacketMon v1.0

    Hi All.

    I've followed the PacketMon's author's instructions for filter settings in Active Rules to capture only outgoing packets from my Windows XP SP2 machine, however it will always default to capturing inbound traffic only disregarding filter settings.

    Anyone have suggestions on rectifying the anomaly?


    Regards,
    AvianFlux

  2. #2
    Junior Member
    Join Date
    Nov 2004
    Posts
    4

    Radsoft Review

    I discovered this rather unflattering review at Radsoft.net:


    Anal spinback out of control
    February 18, 2002 2:14 PM UTC

    PacketMon Pokemon? After a prolonged period away from the Internet, AnalogX returned yesterday - and fell promptly on the seat of his pants.

    The uncle of the half-baked program AnalogX (Mark Thompson) disappeared a while back from his ever so popular website without an explanation. Where is Anal? everyone asked puzzled, and the only event they could couple to the up-in-smoke act was the ultimate downfall of AnalogX Proxy Server which got righteously slaughtered in the security press. It was never properly fixed and suddenly the site was dormant.

    Then last year Chris Pirillo of the Lockergnome held his first-ever "silicorn valley" expo and Thompson showed up as one of the keynote speakers along with notorious McAfee media slut Steve Gibson. Would Anal now attempt a comeback? Had his feelings been hurt? The very same people who had screamed to the heavens over his abysmal programming talents were actually wondering, actually starting to feel sorry for him.

    They needn't have bothered. Thompson officially relaunched his site on 9 January of this year and brought his latest love child PacketMon into the world on 17 February, five weeks later.

    But this love child is stillborn, and one hopes sincerely Thompson was not programming all of the five weeks since the 9 January re-opening. For no sooner had the news of the app begun to make the rounds than another rumour began to spread, namely that software guru Robin Keir was coming up from under the bonnet with some very weird test results.

    I hope this doesn't come across as sounding like I am criticizing this program just for the sake of it but I believe AnalogX should have spent some more time debugging this. The program is a valiant effort, but suffers from great instability and many bugs. In my brief tests I have found many problems:

    It doesn't recognize packets greater than 2048 bytes in size.

    It is trivial to crash it by creating rules that cause the program to attempt to read memory out of bounds, such as a binary filter set to look at offsets outside of the packet in question and to look for strings that are longer than the packet it is looking at.

    The program simply vanishes when attempting to view some packets. Try doing a traceroute to www.analogx.com then step through each packet by clicking the "Next" button in packet view mode.

    It incorrectly identifies TCP options data as packet data.

    It doesn't recognize UDP packets that haven't been sent from the local machine or sent to an open socket on the local machine, other than broadcast packets. This is actually a "feature" of the MS raw socket implementation. You can only sniff UDP packets using Winsock if your PC has sent them using non-raw sockets or if the UDP packets are being sent to an already listening socket on the local host. It is therefore no use for sniffing UDP packets sent to random ports on your PC (such as in a DoS attack).
    Internet architect Sargon who tested the app within hours of its release was less merciful.

    This guy amazes me. Does he understand IP stacks at all? Does he understand what a protocol analyzer is supposed to do?

    Does he even understand what end-users are looking for in an application?
    The PacketMon application is built, like all AnalogX applications, with Thompson's (semi 32-bit) nine year old Watcom code generator from 1993 and therefore weighs in at the expected 185KB. Compare if you will to the minimalist X-frame from radsoft.net - a 13KB footprint and in contrast a conspicuous lack of bugs.

  3. #3
    Junior Member
    Join Date
    Nov 2004
    Posts
    4

    Ehternet-LAN

    Forget about it.

    PanketMon will not capture two-way traffic without a Ethernet-LAN network. Dialup's restricted to inbound traffic sniffing only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •