Ethereal offers more protocol decoding and reassembly than any free sniffer out there and ranks well among the commercial tools. You’ve all used tools like tcpdump or WinDump to examine individual packets, but Ethereal makes it easier to make sense of a stream of ongoing network communications. Ethereal not only makes network troubleshooting work far easier, but also aids greatly in network forensics, the art of finding and examining an attack, by giving a better “big picture” view. Ethereal Packet Sniffing will show you how to make the most out of your use of Ethereal.
- Learn About Network Analyzers: Learn about the types of sniffers available today and see the benefits of using Ethereal.
- Master Tethereal: Use Tethereal, the command-line version of Ethereal, to capture live packets from the wire or to read saved capture files.
- Install and Configure Ethereal: Find out how to install Ethereal on Windows and Unix and see how to build Ethereal from source.
- Explore the Ethereal Graphical User Interface: Learn your way around the menus, windows, and command-line options of Ethereal.
- Write Capture and Display Filters: Pinpoint network problems using filters to manage network operations and traffic.
- Benefit from the Additional Programs Packaged with Ethereal: Learn about the suite of programs that provide command-line capturing, formatting, and manipulating capabilities: Tethereal, Editcap, Mergecap, and Text2pcap.
- Integrate Ethereal with Other Sniffers: Import and export files between Ethereal and various compatible products, including WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek.
- Scan the Network: See how to use network scanning to detect open ports and services on systems.
- Master Advanced Ethereal Topics: Create sub-trees, display bitfields in a graphical view, track request and reply packet pairs, and configure different Ethereal components.