A Guided Tour of Ethereal

Learn exactly what's in all those packets flying by on your network with this essential development and administration tool.

Brad Hards is the technical director for Sigma Bravo, a small professional services company in Canberra, Australia. In addition to Linux, his technical foci include aircraft system integration and certification, GPS and electronic warfare. Comments on this article may be sent to bradh@frogmouth.net.

______________________

Comments

Re: A Guided Tour of Ethereal

bsilva's picture

Regarding the ability to capture packets remotely:
While it's true that Ethereal cannot do this dynamically, i.e., with an agent on the remote end, Ethereal can read packet captures from command line tools such as tcpdump and snoop.

I use both of these tools to capture packets from Firewalls, Routers, servers, etc. I also use a beat-up Pentium-90 laptop as a network monitor that I can leave at a customer site. Once the data is collected I can analyse it with Ethereal. Ethereal will also read packet captures from commercial tools such as NAI's Sniffer tools.

Ethereal is a tool that just keeps getting a little better each year. I've used it to solve a variety of problems, but I've also used it to teach networking protocols. It's the best tool I know of to show students exactly how protocols are encapsulated in each other and to demonstrate exactly how data gets across the network.

On a slightly different note, it's interesting that I'm posting this comment on January 10th 2004, but the article claims to have been posted on February 1st, 2004.

Thanks for the Article,
Brad Silva

tethereal

Anonymous's picture

I use SSH + tethereal from the command line to do remote captures.

Sure that's what i do but it'

Anonymous's picture

Sure, that's what I do, but it's so much nicer to see live rolling capture in the ethereal GUI.

Re: A Guided Tour of Ethereal

Anonymous's picture

I think the date reflects the publishing date for the magazine, not for the article.

I agree with the remote capture comments, and some work on remote capture has been done, but when you are working with the Ethereal GUI, it would sometimes be nice to do "now show me what that remote machine is seeing, in real time". That needs more work.

Brad Hards

Re: A Guided Tour of Ethereal

Anonymous's picture

Isn't that what remote (secure) X display is for? Which is tremendously less overhead, potentially, than sending the entire packet contents across the wire to the "local" monitoring app?

Well ideally you would naviga

Anonymous's picture

Well, ideally you would navigate to a webpage that would contain a Java application.
That application would be the ethereal GUI.

This way:
-no need for X on router
-no need to install ethereal on client
-no need to transmit all the packets over the wire, minimal network impact (packet processing would be server-side)

Negative aspects:
-More CPU usage on router
-We need someone to implement this!

An X display on a router is a

Anonymous's picture

An X display on a router is a waste of resources, especially since you'll probably end up doing all your work in shell windows inside X!

Re: A Guided Tour of Ethereal

Anonymous's picture

Actually, the RMON (and RMON2) protocol is substantially thinner than remote X. Ethereal just needs an RMON/RMON2 interface.
