[plug] ethereal

Craig Ringer craig at postnewspapers.com.au
Fri Jul 23 13:13:31 WST 2004


On Fri, 2004-07-23 at 12:06, Marc Wiriadisastra wrote:
> I'm just messing around with stuff on my fc computer and I've come 
> across ethereal.  Now I know it's a packet monitoring program; can someone
> please explain what purpose, apart from looking at packets, it's used for?

Well, it's used for network troubleshooting, program testing, protocol
reverse engineering, network security analysis and network intrusion
monitoring (as mentioned by Marc) among other things. It's handy for all
these things because it's so flexible - it can display and analyze
traffic in real time or from a stored capture file, it can filter
traffic based on an incredibly flexible ruleset, and it can track
relationships between packets in traffic flows. 

Ethereal can make it possible to pick out one connection in amongst a
100MBit/s traffic stream, then reconstruct that connection's traffic
into a human-readable text display of the data transmitted, plus a delay
graph showing how long the gaps between each packet were.

It's great, and it's saved my sanity several times when trying to debug
weird network problems. When combined with a good switch that can dump
all traffic down one designated monitoring port (ideally a gigabit
port), Ethereal is just incredible for tracking down odd network
problems.

Ethereal is a great tool to be familiar with, and I'd advise you to play
with it and learn about it if you plan to work with networks in the
future.

--
Craig Ringer
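
The connection-picking and gap timing described in the message above, as an added example that is not part of the original post or of Ethereal's own code: a small Python reader for classic pcap files that isolates one TCP conversation, reassembles each direction by sequence number, and lists the gaps between its packets. The function names, addresses and sample traffic are constructed for illustration.

```python
import socket, struct

def make_pcap(packets):
    """Constructed sample input: a classic little-endian pcap of Ethernet/IPv4/TCP frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_us, (src, sport), (dst, dport), seq, data in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", *divmod(ts_us, 10**6), len(frame), len(frame)) + frame
    return out

def follow_stream(pcap, a, b):
    """Return ({sender: reassembled bytes}, [gaps in microseconds]) for connection a <-> b."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian, microsecond pcap is handled")
    off, times, segs = 24, [], {a: {}, b: {}}
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # not IPv4/TCP, or truncated
        tcp_at = 14 + (frame[14] & 0x0F) * 4          # honour the IP header length
        if len(frame) < tcp_at + 20:
            continue                                  # TCP header cut off by the snaplen
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]   # ignores Ethernet padding
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp_at)
        src = (socket.inet_ntoa(frame[26:30]), sport)
        dst = (socket.inet_ntoa(frame[30:34]), dport)
        if {src, dst} != {a, b}:
            continue                                  # some other conversation
        times.append(sec * 10**6 + usec)
        data_at = tcp_at + (frame[tcp_at + 12] >> 4) * 4
        segs[src].setdefault(seq, frame[data_at:ip_end])   # first copy wins on retransmit
    # Order each direction by sequence number (assumes no 32-bit wraparound in the capture).
    streams = {side: b"".join(v for _, v in sorted(s.items())) for side, s in segs.items()}
    return streams, [y - x for x, y in zip(times, times[1:])]

CLIENT, SERVER, OTHER = ("192.0.2.10", 40000), ("192.0.2.80", 80), ("192.0.2.99", 40001)
SAMPLE = make_pcap([                                  # constructed traffic, not a real capture
    (1_000_000, CLIENT, SERVER, 1, b"GET / HT"),
    (1_000_400, OTHER, SERVER, 1, b"unrelated"),
    (1_250_000, CLIENT, SERVER, 9, b"TP/1.0\r\n\r\n"),
    (1_300_000, SERVER, CLIENT, 13, b" OK\r\n\r\nhi"),  # arrives before the segment preceding it
    (1_300_500, SERVER, CLIENT, 1, b"HTTP/1.0 200"),
    (1_900_000, SERVER, CLIENT, 1, b"HTTP/1.0 200"),   # retransmission, counted once
])
```

Calling `follow_stream(SAMPLE, CLIENT, SERVER)` skips the unrelated connection, and the last gap in the returned list stands out as the delay before the retransmission.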





