Ethereal Packet Sniffing
This book provides insider information on how to optimize performance of Ethereal on enterprise networks, and shows how Ethereal compiles and runs on many flavors of UNIX and Windows.
TABLE OF CONTENTS Ethereal Packet Sniffing
Solutions Fast Track
Getting started with Ethereal
-
Binary Ethereal packages for Windows, Linux, and various UNIX flavors can be downloaded from www.ethereal.com.
-
Source code can be downloaded and compiled from www.ethereal.com if the binary packages available don t meet your needs.
-
Ethereal can be launched by typing ethereal at the command line.
Exploring the Main Windows
-
The Summary Window provides a one-line summary for each packet.
-
The Protocol Tree Window provides a detailed decode of the packet selected in the Summary Window.
-
The Data View Window provides the hexadecimal (or hex) dump of the packets actual bytes.
Other Window Components
-
The filter bar provides a quick mechanism for filtering the packets displayed in the Summary Window.
-
Clicking the filter bar s Filter: button will display the Display Filter dialog box to help you construct a display filter string.
-
The Information field will show the display filter field name of the field selected in the Protocol Tree Window.
Exploring the Menus
-
Most preferences can be set in the Preferences dialog box.
-
There are context-sensitive pop-up menus available by right-clicking on the Summary Window, Protocol Tree Window, or Data View Window.
-
Packets in the Summary Window can be color-coded for easy reading by using the Apply Color Filters dialog box.
Using Command Line Options
-
Ethereal can apply display filters to packets read from a file with the R flag, discarding packets that don t match the filter.
-
Ethereal uses r to indicate a file to read from and w to indicate...
Copyright Syngress Publishing, Inc. 2004 under license agreement with Books24x7
