Packet sniffing with Ethereal
Takeaway: This Linux tip tells you what the Ethereal packet sniffer has to offer.
A lesser-known packet sniffing tool for Linux with a nice GUI is Ethereal. Most Linux distributions come with Ethereal pre-packaged, so it is very easy to install.
To begin, Ethereal should be run as root because it can put your network interface into promiscuous mode so that it can listen to all traffic, even if it isn't destined for the system. Once Ethereal is started, select Capture | Options from the toolbar. Here you can select what network interface to listen to (eth0 by default) as well as a number of other options. Click the Start button to start the packet capture session.
A little pop-up window will appear, indicating how many packets have been captured and what type they are (UDP, TCP, ICMP, etc.). Once you have enough packets, click the Stop button, and you can begin to analyze what has been captured.
The data that Ethereal shows is similar to tcpdump in many respects but far easier to browse. It shows the source and destination of any packet, the protocol used, and a basic information string. If you click on a packet in the list, you can examine the packet's contents. At the bottom of the screen you'll see the raw contents of the packet, and if you select any item of the packet to view, such as the frame information, you'll see the corresponding part of the raw packet highlighted as well.
You can filter output based on expressions, and defining filters is easy with a GUI expression "builder." For instance, to see all Samba-related packets:
- Click the Expression button.
- Select SMB from the field name, and select Is Present for the relation.
- Click OK. Now only Samba-related packets will be shown.
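As an added example (not from the original article), the following standard-library Python script shows what the "SMB is present" filter above actually matches: it decodes Ethernet/IPv4/TCP headers from a constructed two-frame capture and keeps only frames that carry an SMB signature on an SMB port. The frame builder, the sample addresses and the simplified SMB test are assumptions made for this demo, not Ethereal's own dissector logic.

```python
import struct

ETHERTYPE_IPV4, IPPROTO_TCP = 0x0800, 6
SMB_PORTS = {139, 445}                      # NetBIOS session / direct-hosted SMB
SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")       # SMB1 and SMB2/3 header signatures


def decode_frame(frame):
    """Decode Ethernet II / IPv4 / TCP headers; None if the frame is anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]          # skip the TCP header (data offset)
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": payload}


def smb_present(pkt):
    """Simplified stand-in for Ethereal's 'smb' display filter (assumption, not its
    dissector): TCP on an SMB port whose 4-byte NetBIOS Session Service header
    is followed by an SMB signature."""
    if not {pkt["sport"], pkt["dport"]} & SMB_PORTS:
        return False
    return pkt["payload"][4:8] in SMB_MAGICS


def build_frame(src, dst, sport, dport, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame for the demo (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 0xFFFF, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip


# Constructed sample capture: an SMB1 Negotiate request and an unrelated HTTP request.
SAMPLE = [
    build_frame("10.0.0.5", "10.0.0.9", 50123, 445, b"\x00\x00\x00\x23\xffSMB\x72" + b"\x00" * 30),
    build_frame("10.0.0.5", "10.0.0.9", 50124, 80, b"GET / HTTP/1.0\r\n\r\n"),
]


def filter_smb(frames):
    """Return the decoded packets that pass the 'smb is present' filter."""
    return [p for p in map(decode_frame, frames) if p and smb_present(p)]
```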
Ethereal is a powerful tool to use when debugging network problems or potential threats, and its ease of use makes it far simpler to use than tcpdump.