Visual Traffic Analysis with Ethereal
Sift through network data with one of the most advanced protocol analyzers available.
one of the most popular protocol analyzers on the planet. It runs on
virtually all major platforms, including Linux, BSD, Mac OS X, and
Windows. Like tcpdump
[Hack #37], it
can capture packets
directly from a network interface, or analyze data from a previously
saved file. While capturing data, Ethereal can give you
statistics about which protocols are actively in use (Figure 3-35). Start capturing by selecting
Start..., select the interface you want to
capture from, and click
OK. Note that you need
proper permissions (typically root privileges) to actually capture
Figure 3-35. Ethereal gives you statistics about the protocols it sees as it captures packets.
If you would like to see these statistics again (with even more
detail) after you have finished capturing packets, go to
Statistics. You can use this on previously captured dump
files as well. If you already have some captured data (say, saved
with tcpdump from a remote machine), you can simply click
select the file you’d like to analyze.
Ethereal displays the data it has collected in three ways. The top part of the window shows a summary of the data, with one packet per line. This lists the sequence, time, IP data, protocol, ...