Ethereal: Difference between revisions

Ethereal is the most popular GUI protocol analyzer.

Starting it on UBOs

Remember you need to be root to run ethereal because you will be putting your network card into promiscuous mode. If you're starting it from a terminal, you probably want to run:

# su -p -c ethereal

assuming ethereal is in root's $PATH, if not, include the full path.

Using it

Once in Ethereal, go to

Capture -> Interfaces

and choose the interface you want to capture on. Then just hit "stop" when you want to stop sniffing. You will now see a list of the packets you have captured.

Fun things to do with your captured packets:

Right click on one of the TCP packets and see if there is an option "Follow TCP stream". You will notice when you close the follow TCP stream window that the filter text box that was empty now contains a filter. You can clear this filter to start over with all over your captured packets, or fine tune the filter to find exactly what you are looking for.

If there isn't a lot of traffic on your interface, try going to a webpage in your browser while you are capturing. Now when you view the TCP stream of your HTTP request, you will see what happens behind the scenes with your Browser.