Ethereal

Ethereal Review

Ethereal is an open source network protocol analyzer, more commonly referred to as a sniffer application. Ethereal runs on Windows, Linux, and even Solaris.


Ethereal has an outstanding feature, "Follow TCP Stream", that lets you isolate a single conversation. Once you have identified a TCP packet you are interested in, it filters out all the other traffic and shows only the packets belonging to that connection. The same feature strips away the lower network layers and concentrates on the application data, for example the HTTP headers and content. This is very useful when you want to quickly identify and analyze a specific packet sequence.

Ethereal also supports both capture filtering and display filtering. A capture filter is defined before you start your sniffer trace and determines which packets are captured at all. A display filter is applied after the packets have been captured: it limits what is shown on the screen, and you can modify or change it as often as you like against the packets you have already captured.
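To make the two features above concrete, here is an added example (not code from the page or from the Ethereal project) that models, in plain Python, what "Follow TCP Stream" does on top of an already captured, display-filtered packet list: it picks the bidirectional conversation that a selected packet belongs to, discards everything else, and reassembles each direction's payload in sequence-number order so that only the application-layer text (here HTTP) remains. The `Packet` record, the field names and the sample packets are constructed for the example; real captures would come from a trace file. The example also handles two things a real stream follower must cope with, out-of-order segments and retransmissions, and marks a gap where a segment is missing.

```python
"""Model of Ethereal's "Follow TCP Stream" over a captured packet list.

Constructed example: Packet is a hypothetical record, not an Ethereal API.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    number: int       # capture order, as shown in Ethereal's first (overview) pane
    src: str
    sport: int
    dst: str
    dport: int
    seq: int          # TCP sequence number of the first payload byte
    payload: bytes    # application data after the TCP header


def conversation_key(pkt: Packet) -> Tuple[Endpoint, Endpoint]:
    """Direction-independent key: the same for A->B and B->A packets."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (a, b) if a <= b else (b, a)


def display_filter(packets: List[Packet], predicate) -> List[Packet]:
    """A display filter only hides packets; the full capture is kept."""
    return [p for p in packets if predicate(p)]


def reassemble_direction(pkts: List[Packet]) -> bytes:
    """Order one direction by seq, drop retransmitted bytes, flag gaps."""
    out = bytearray()
    next_seq = None
    for p in sorted(pkts, key=lambda p: p.seq):
        if not p.payload:
            continue
        if next_seq is None:
            next_seq = p.seq
        if p.seq < next_seq:
            # Retransmission or overlap: keep only bytes not seen yet.
            overlap = next_seq - p.seq
            if overlap >= len(p.payload):
                continue
            data = p.payload[overlap:]
        elif p.seq > next_seq:
            # A segment never reached the capture point; note the hole.
            out.extend(b"[%d bytes missing]" % (p.seq - next_seq))
            data = p.payload
            next_seq = p.seq
        else:
            data = p.payload
        out.extend(data)
        next_seq += len(data)
    return bytes(out)


def follow_tcp_stream(packets: List[Packet], selected_number: int) -> Dict[str, object]:
    """Keep only the selected packet's conversation and rebuild both directions.

    The side that sent the selected packet is reported as "client" (a
    simplification of this example, not Ethereal's own labelling).
    """
    selected = next(p for p in packets if p.number == selected_number)
    conv = display_filter(packets, lambda p: conversation_key(p) == conversation_key(selected))
    client: Endpoint = (selected.src, selected.sport)
    forward = [p for p in conv if (p.src, p.sport) == client]
    reverse = [p for p in conv if (p.src, p.sport) != client]
    return {
        "conversation_packets": [p.number for p in conv],
        "client_to_server": reassemble_direction(forward),
        "server_to_client": reassemble_direction(reverse),
    }


# Constructed capture: an HTTP request split into three segments that arrive
# out of order, one retransmission, an unrelated SSH conversation, and the reply.
SAMPLE_PACKETS = [
    Packet(1, "10.0.0.5", 40000, "198.51.100.10", 80, 1000, b"GET / HTTP/1.1\r\n"),
    Packet(2, "10.0.0.5", 40002, "10.0.0.9", 22, 1, b"SSH-2.0-example\r\n"),
    Packet(3, "10.0.0.5", 40000, "198.51.100.10", 80, 1035, b"\r\n"),
    Packet(4, "10.0.0.5", 40000, "198.51.100.10", 80, 1016, b"Host: example.com\r\n"),
    Packet(5, "10.0.0.5", 40000, "198.51.100.10", 80, 1000, b"GET / HTTP/1.1\r\n"),
    Packet(6, "198.51.100.10", 80, "10.0.0.5", 40000, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    result = follow_tcp_stream(SAMPLE_PACKETS, selected_number=4)
    print("packets in conversation:", result["conversation_packets"])
    print(result["client_to_server"].decode())
    print(result["server_to_client"].decode())
```

Selecting packet 4 keeps packets 1, 3, 4, 5 and 6, drops the SSH packet, and yields the request `GET / HTTP/1.1 / Host: example.com` followed by the `200 OK` reply, with the duplicate packet 5 contributing no bytes. The `display_filter` call inside `follow_tcp_stream` is the same narrowing you do by hand with a display filter; a capture filter would instead have thrown the SSH packet away at capture time, so it could never be brought back by changing the filter later.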

Ethereal's main display is quick and easy to navigate. The Ethereal GUI initially presents three basic frames.

The first is a packet-by-packet overview. This frame has quick sorting capabilities, which help in isolating a specific protocol, grouping by source or destination IP address, or ordering by packet number (the order in which the packets were observed by your network interface card).

The second frame is a breakdown of a specific packet. Whichever packet you highlight in the top frame is dissected in the middle frame. This is where you find the information needed to examine each network layer, whether it is Ethernet, IP, TCP or any other layer in the packet.

The final bottom frame is the raw hex output of the highlighted packet.

Ethereal is a bit more difficult to start using than some other sniffer applications. The display and capture filters take a while to get used to, and you have to learn the filter syntax before you can quickly build the filters you need.

Overall, Ethereal is a spectacular sniffer application. If you can get past the display and capture filters, I would highly recommend it. Ethereal is open source, meaning anyone can download it for free, and it is cross-platform, running on both Windows and Linux. With that cross-platform compatibility you can work on the majority of operating systems you are likely to encounter and have the same sniffer application available on each of them.