<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 10pt Book Antiqua; MARGIN-LEFT: 2px">
<DIV>It's every network engineer's best friend for troubleshooting "why the
network is slow". I've used it to track down workstations that had viruses
on them. Users abusing network policies with streaming video and
music. So yes it's a very good tool (and it's free too). I had prior
to this an $18,000 tool to do the same except it did explain everything in plain
English, however when the $$$$ are coming out of your pocket you tend to look
for a good replacement and this fit the bill perfectly (even using tethereal on
the Linux side is worth using).</DIV>
<DIV> </DIV>
<DIV>Jon</DIV>
<DIV> </DIV>
<DIV>Jon L. Miller, MCNE, CNS, ASE<BR>Director/Sr Systems Consultant<BR>MMT
Networks Pty Ltd<BR><A
href="http://www.mmtnetworks.com.au">http://www.mmtnetworks.com.au</A></DIV>
<DIV> </DIV>
<DIV>"I don't know the key to success, but the key to failure<BR> is trying
to please everybody." -Bill Cosby</DIV>
<DIV> </DIV>
<DIV><BR><BR>>>> tcleary2@csc.com.au 12:28:19 pm 23/07/2004
>>><BR><BR><FONT face=sans-serif size=2>Marc,</FONT> <BR><BR><FONT
face=sans-serif size=2>You said:</FONT> <BR><FONT face=sans-serif
size=2>></FONT><FONT size=2><TT>Now I know it's a packet monitoring program
can someone<BR>>please explain what the purpose apart from looking at packets
it's used for.</TT></FONT> <BR><BR><FONT size=2><TT>You need something more?
;-)</TT></FONT> <BR><BR><FONT size=2><TT>ethereal is one of the best
troubleshooting tools you can get because it does things like permitting you to
follow particular conversations from a captured datastream by selective use of
filtering/masking.</TT></FONT> <BR><BR><FONT size=2><TT>This is especially
useful when some nasty person attacks you, because you can reconstruct what the
bounder did, if you can get a full packet dump in a transportable format ( i.e.
pcap format )</TT></FONT> <BR><BR><FONT size=2><TT>I've found it very useful
when investigating "malicious activity" of various sorts, backing up IDS
alerts.</TT></FONT> <BR><BR><FONT size=2><TT>It is pleasant to disabuse people
of the notion that "In Cyberspace no one can see your crime".</TT></FONT>
<BR><BR><FONT size=2><TT>Regards,</TT></FONT> <BR><BR><FONT
size=2><TT>tom.</TT></FONT> <BR><FONT face=sans-serif
size=2>----------------------------------------------------------------------------------------<BR>Tom
Cleary - Security Architect<BR><BR>CSC Perth<BR><BR>"In IT, acceptable solutions
depend upon humans - Computers don't
negotiate."<BR>----------------------------------------------------------------------------------------<BR></DIV></FONT></BODY></HTML>