Home > Ethereal

Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

The functionality it provides is very similar to tcpdump (c.f.), but Ethereal adds a well-designed GUI frontend, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network card into promiscuous mode.

Its open source license allows talented experts in the networking community to add enhancements. It runs on most Unix and Unix-compatible systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD, and Mac OS X, and on Windows.

1 Features

• Data can be captured "off the wire" from a live network connection, or read from a capture file.
• Live data can be read from Ethernet, FDDI, PPPIn computing, the Point-to-Point Protocol or PPP is commonly used to establish a direct connection between two nodes. Its primary use has been to connect computers using a phone line, though it is also occasionally used over broadband connections. Many IS, Token Ring, IEEE 802.11IEEE 802. 11 or Wi-Fi denotes a set of Wireless LAN standards developed by working group 11 of IEEE 802. The term is also used specifically for the original version; to avoid confusion that is sometimes called "802. 11 family currently includes three sepa, Classical IPIP is an acronym for: Internet Protocol, the computer networking protocol used on the Internet intellectual property, a legal metaphor encompassing copyright, patent, trademark, and trade secret law instruction pointer, the computer processor ( CPU) regis over ATMAsynchronous Transfer Mode or ATM for short, is a cell relay network protocol which encodes data traffic into small fixed sized (53 byte) cells instead of variable sized packets as in packet-switched networks (such as the Internet Protocol or Ethernet)., and loopbackA loopback is a communications channel with only one endpoint. Any message transmitted through such a channel is immediately received by the selfsame channel. The Internet protocol (IP) specifies a loopback network''. Under IPv4, this has the CIDR address interfaces (at least on some platforms; not all of those types are supported on all platforms).
• Captured network data can be browsed via a GUI, or via the TTY -mode "tethereal" program.
• Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
• Display filters can also be used to selectively highlight and color packet summary information.
• Data display can be refined using a display filter.
• 602 protocols can currently be dissected.
• And more...