What is Ethereal?

Every network manager at some time or other needs a tool that can capture packets off the network and analyze them. In the past, such tools were either very expensive, propietary, or both. However, with the advent of Ethereal, all that has changed.

Ethereal is perhaps one the best open source packet sniffers available today. The following are some of the features Ethereal provides:

• Available for UNIX and Windows.

• Capture and display packets from any interface on a UNIX system.

• Display packets captured under a number of other capture programs:

  • tcpdump

  • Network Associates Sniffer and Sniffer Pro

  • NetXray

  • LANalyzer

  • Shomiti

  • AIX's iptrace

  • RADCOM's WAN/LAN Analyzer

  • Lucent/Ascend access products

  • HP-UX's nettl

  • Toshiba's ISDN routers

  • ISDN4BSD i4btrace utility

  • Microsoft Network Monitor

  • Sun snoop

• Save captures to a number of formats:

  • libpcap (tcpdump)

  • Sun snoop

  • Microsoft Network Monitor

  • Network Associates Sniffer

• Filter packets on many criteria.

• Search for packets using filters.

• Colorize packet display based on filters

However, to really appreciate its power, you have to start using it.

Figure 1 shows Ethereal having captured some packets and waiting for you to examine the packets.

In addition, because all the source code for Ethereal is freely available, it is very easy for people to add new protocols to Ethereal, either as modules, or built into the source.

There are currently protocol decoders (or dissectors, as they are known in Ethereal), for a great many protocols, including:

• 802.1q Virtual LAN

• AOL Instant Messenger

• ATM

• ATM LAN Emulation

• Address Resolution Protocol

• Andrew File System (AFS)

• Appletalk Address Resolution Protocol

• Async data over ISDN (V.120)

• Authentication Header

• BACnet Virtual Link Control

• Banyan Vines

• Banyan Vines Fragmentation Protocol

• Banyan Vines SPP

• Blocks eXtensible eXchange Protocol

• Boot Parameters

• Bootstrap Protocol

• Border Gateway Protocol

• Building Automation and Control Network APDU

• Building Automation and Control Network NPDU

• Cisco Auto-RP

• Cisco Discovery Protocol

• Cisco Group Management Protocol

• Cisco HDLC

• Cisco Hot Standby Router Protocol

• Cisco ISL

• Cisco Interior Gateway Routing Protocol

• Cisco SLARP

• Common Open Policy Service

• Common Unix Printing System (CUPS) Browsing Protocol

• DCE RPC

• DCE/RPC Conversation Manager

• DCE/RPC Endpoint Mapper

• DCE/RPC Remote Management

• DCOM OXID Resolver

• DCOM Remote Activation

• DEC Spanning Tree Protocol

• DG Gryphon Protocol

• Data

• Data Stream Interface

• Datagram Delivery Protocol

• Diameter Protocol

• Distance Vector Multicast Routing Protocol

• Domain Name Service

• Dynamic DNS Tools Protocol

• Encapsulating Security Payload

• Enhanced Interior Gateway Routing Protocol

• Ethernet

• FTP Data

• Fiber Distributed Data Interface

• File Transfer Protocol (FTP)

• Frame

• Frame Relay

• GARP VLAN Registration Protocol

• GPRS Tunneling Protocol

• General Inter-ORB Protocol

• Generic Routing Encapsulation

• Gnutella Protocol

• Hummingbird NFS Daemon

• Hypertext Transfer Protocol

• ICQ Protocol

• IEEE 802.11 wireless LAN

• IEEE 802.11 wireless LAN management frame

• ILMI

• IP Payload Compression

• IPX Message

• IPX Routing Information Protocol

• ISDN Q.921-User Adaptation Layer

• ISDN User Part

• ISIS HELLO

• ISO 10589 ISIS Complete Sequence Numbers Protocol Data Unit

• ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol

• ISO 10589 ISIS Link State Protocol Data Unit

• ISO 10589 ISIS Partial Sequence Numbers Protocol Data Unit

• ISO 8073 COTP Connection-Oriented Transport Protocol

• ISO 8473 CLNP ConnectionLess Network Protocol

• ISO 8602 CLTP ConnectionLess Transport Protocol

• ISO 9542 ESIS Routeing Information Exchange Protocol

• ITU-T Recommendation H.261

• Internet Cache Protocol

• Internet Control Message Protocol

• Internet Control Message Protocol v6

• Internet Group Management Protocol

• Internet Message Access Protocol

• Internet Printing Protocol

• Internet Protocol

• Internet Protocol Version 6

• Internet Relay Chat

• Internet Security Association and Key Management Protocol

• Internetwork Packet eXchange

• Kerberos

• Kernel Lock Manager

• Label Distribution Protocol

• Layer 2 Tunneling Protocol

• Lightweight Directory Access Protocol

• Line Printer Daemon Protocol

• Link Access Procedure Balanced (LAPB)

• Link Access Procedure Balanced Ethernet (LAPBETHER)

• Link Access Procedure, Channel D (LAPD)

• Linux cooked-mode capture

• Local Management Interface

• Logical-Link Control

• Lucent/Ascend debug output

• MAPI

• MS Proxy Protocol

• MSNIP : Multicast Source Notification of Interest Protocol

• MTP 3 User Adaptation Layer

• MTP2 Peer Adaptation Layer

• Malformed Frame

• Media Gateway Control Protocol

• Message Transfer Part Level 3

• Microsoft Windows Browser Protocol

• Microsoft Windows Lanman Protocol

• Microsoft Windows Logon Protocol

• Mobile IP

• Modbus/TCP

• Mount Service

• MultiProtocol Label Switching Header

• Multicast Router DISCovery protocol

• Multicast Source Discovery Protocol

• NIS+

• NIS+ Callback

• Name Binding Protocol

• Name Management Protocol over IPX

• NetBIOS

• NetBIOS Datagram Service

• NetBIOS Name Service

• NetBIOS Session Service

• NetBIOS over IPX

• NetWare Core Protocol

• Network File System

• Network Lock Manager Protocol

• Network News Transfer Protocol

• Network Status Monitor CallBack Protocol

• Network Status Monitor Protocol

• Network Time Protocol

• Null/Loopback

• Open Shortest Path First

• PPP IP Control Protocol

• PPP Link Control Protocol

• PPP Multilink Protocol

• PPP Password Authentication Protocol

• PPP-over-Ethernet Discovery

• PPP-over-Ethernet Session

• Point-to-Point Protocol

• Point-to-Point Tunnelling Protocol

• Portmap

• Post Office Protocol

• Pragmatic General Multicast

• Protocol Independent Multicast

• Q.2931

• Q.931

• Quake II Network Protocol

• Quake Network Protocol

• QuakeWorld Network Protocol

• RFC 2250 MPEG1

• RIPng

• RX Protocol

• Radio Access Network Application Part

• Radius Protocol

• Real Time Streaming Protocol

• Real-Time Transport Protocol

• Real-time Transport Control Protocol

• Remote Procedure Call

• Remote Quota

• Remote Shell

• Remote Wall protocol

• Resource ReserVation Protocol (RSVP)

• Rlogin Protocol

• Routing Information Protocol

• Routing Table Maintenance Protocol

• SCCP user adaptation layer light

• SMB (Server Message Block Protocol)

• SMB MailSlot Protocol

• SNMP Multiplex Protocol

• SPRAY

• SSCOP

• Secure Socket Layer

• Sequenced Packet eXchange

• Service Advertisement Protocol

• Service Location Protocol

• Session Announcement Protocol

• Session Description Protocol

• Session Initiation Protocol

• Short Frame

• Simple Mail Transfer Protocol

• Simple Network Management Protocol

• Sinec H1 Protocol

• Socks Protocol

• Spanning Tree Protocol

• Stream Control Transmission Protocol

• Syslog message

• Systems Network Architecture

• TACACS

• TACACS+

• TPKT

• Telnet

• Time Protocol

• Token-Ring

• Token-Ring Media Access Control

• Transmission Control Protocol

• Transparent Network Substrate Protocol

• Trivial File Transfer Protocol

• User Datagram Protocol

• Virtual Router Redundancy Protocol

• Virtual Trunking Protocol

• Web Cache Coordination Protocol

• Wellfleet Compression

• Who

• Wireless Session Protocol

• Wireless Transaction Protocol

• Wireless Transport Layer Security

• X.25

• X.25 over TCP

• X11

• Yahoo Messenger Protocol

• Yellow Pages Bind

• Yellow Pages Passwd

• Yellow Pages Service

• Yellow Pages Transfer

• Zebra Protocol

• iSCSI