Ethereal Packet Sniffing

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.
| 1. | Why is Ethereal so slow displaying data during capture? It seems to lock up. |
| 2. | Why is it when I select some fields in the Protocol Tree Window I don't see the field name in the Information field? How can I filter on the field if I can't find out its name? |
| 3. | Why do I sometimes see an IP address or a TCP/UDP port number or a MAC address twice, once in parentheses and once not? |
| 4. | I need more complicated capture filtering than tcpdump-style capture filters provide; can I use Ethereal's display filters to restrict what I capture? |
| 5. | Does Ethereal really capture all the traffic arriving at an interface when capturing in promiscuous mode? |
| 6. | Why am I seeing packets that aren't addressed to or being sent by my local interface even though I've turned off capturing in promiscuous mode? |

Answers
| 1. | Your version of Ethereal may have been compiled without the ADNS (Asynchronous DNS) library. If so, Ethereal is stopping to do a DNS lookup for the source and destination IP address in... |