A Guided Tour of Ethereal

Learn exactly what's in all those packets flying by on your network with this essential development and administration tool.

Brad Hards is the technical director for Sigma Bravo, a small professional services company in Canberra, Australia. In addition to Linux, his technical foci include aircraft system integration and certification, GPS and electronic warfare. Comments on this article may be sent to bradh@frogmouth.net.


Comments



Re: A Guided Tour of Ethereal

Posted by bsilva

Regarding the ability to capture packets remotely:
While it's true that Ethereal cannot do this dynamically, i.e., with an agent on the remote end, Ethereal can read packet captures from command-line tools such as tcpdump and snoop.

I use both of these tools to capture packets from firewalls, routers, servers, etc. I also use a beat-up Pentium-90 laptop as a network monitor that I can leave at a customer site. Once the data is collected I can analyse it with Ethereal. Ethereal will also read packet captures from commercial tools such as NAI's Sniffer tools.

Ethereal is a tool that just keeps getting a little better each year. I've used it to solve a variety of problems, but I've also used it to teach networking protocols. It's the best tool I know of to show students exactly how protocols are encapsulated in each other and to demonstrate exactly how data gets across the network.

On a slightly different note, it's interesting that I'm posting this comment on January 10th, 2004, but the article claims to have been posted on February 1st, 2004.

Thanks for the Article,
Brad Silva

tethereal

Posted by Anonymous

I use SSH + tethereal from the command line to do remote captures
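The remote-capture workflow the two comments above describe (capture on the remote box with tcpdump or tethereal, analyse locally in Ethereal, either live over SSH or from a saved file), as an added example that is not from the article or from any commenter. The `REMOTE_HOST` variable, the interface and host names, the helper function names and the `site.pcap` file name are assumptions; the example also assumes the SSH account on the remote host is permitted to run tcpdump or tethereal (root, or a sudo rule for that one command). `ethereal`/`tethereal` are the names used on this page; on a current system the same binaries are `wireshark`/`tshark`.

```shell
#!/bin/sh
# Added example (not from the article or its comments): stream a remote
# tcpdump/tethereal capture into a local Ethereal over SSH, or save it to a
# file for later analysis. REMOTE_HOST, interface names and helper names are
# assumptions; the remote account is assumed to be allowed to run the capture tool.

SSH_PORT=${SSH_PORT:-22}

# Capture filter that always excludes the SSH session carrying the capture.
# Without it the capture feeds back on itself: every captured packet produces
# SSH traffic, which is captured, which produces more SSH traffic, and so on.
with_ssh_excluded() {
  user_filter=$1
  filter="not tcp port $SSH_PORT"
  if [ -n "$user_filter" ]; then
    filter="($user_filter) and $filter"
  fi
  printf '%s' "$filter"
}

# Remote side, tcpdump flavour: -w - writes raw pcap to stdout, -U flushes it
# packet by packet so the GUI updates live, -s 0 captures whole packets instead
# of tcpdump's default 68-byte snaplen (which would truncate most payloads).
remote_tcpdump_cmd() {
  printf "tcpdump -i %s -U -s 0 -w - '%s'" "$1" "$(with_ssh_excluded "${2:-}")"
}

# Same idea with tethereal on the remote end (-f is its capture-filter flag).
remote_tethereal_cmd() {
  printf "tethereal -i %s -w - -f '%s'" "$1" "$(with_ssh_excluded "${2:-}")"
}

# Usage:  REMOTE_HOST=admin@router ./remote-capture.sh eth0 'udp port 53'
# Leave REMOTE_HOST unset to only print the pipeline that would be run.
iface=${1:-eth0}
user_filter=${2:-}
remote=$(remote_tcpdump_cmd "$iface" "$user_filter")
if [ -n "${REMOTE_HOST:-}" ]; then
  # Live view: Ethereal's "-i -" reads a pcap stream from stdin; -k starts at once.
  ssh "$REMOTE_HOST" "$remote" | ethereal -k -i -
else
  echo "live:  ssh \$REMOTE_HOST \"$remote\" | ethereal -k -i -"
  echo "saved: ssh \$REMOTE_HOST \"$remote\" > site.pcap   # later: ethereal -r site.pcap"
fi
```

The capture filter is applied on the remote host, so only matching packets cross the wire; the `not tcp port 22` clause is the one part of it you never want to drop, and if the SSH daemon listens elsewhere, set `SSH_PORT` accordingly.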

Posted by Anonymous

Sure, that's what I do, but it's so much nicer to see a live rolling capture in the Ethereal GUI.

Re: A Guided Tour of Ethereal

Posted by Anonymous

I think the date reflects the publishing date for the magazine, not for the article.

I agree with the remote capture comments, and some work on remote capture has been done, but when you are working with the Ethereal GUI, it would sometimes be nice to do "now show me what that remote machine is seeing, in real time". That needs more work.

Brad Hards

Re: A Guided Tour of Ethereal

Posted by Anonymous

Isn't that what remote (secure) X display is for? Which is tremendously less overhead, potentially, than sending the entire packet contents across the wire to the "local" monitoring app?

Posted by Anonymous

Well, ideally you would navigate to a web page that would contain a Java application.
That application would be the Ethereal GUI.

This way:
-no need for X on router
-no need to install ethereal on client
-no need to transmit all the packets over the wire, minimal network impact (packet processing would be server-side)

Negative aspects:
-More CPU usage on router
-We need someone to implement this!

Posted by Anonymous

An X display on a router is a waste of resources, especially since you'll probably end up doing all your work in shell windows inside X!

Re: A Guided Tour of Ethereal

Posted by Anonymous

Actually, the RMON (and RMON2) protocol is substantially thinner than remote X. Ethereal just needs an RMON/RMON2 interface.
