xisto Community
sandeep1405241520

Ethereal: Renowned Network Packet Sniffer


Hi all,

Have you tried the most used network monitoring tool: Ethereal?
It's also known as a network traffic sniffer because it captures the network traffic and presents the packets after formatting them. The user can bring out information about a particular thing, like what's happening at a particular port. To do that, one just needs to apply a filter and the required information will be presented in a well-formatted way.

Not only this, it can also open a binary log file created by other sniffers like Snort, TCP Dump etc.
Moreover, it's freeware.
It can be downloaded from:

http://www.aos5.com/ 
cloud 10MB

I used it for the first time for understanding the 3 way connection establishment process of TCP/IP. It clearly tells what all flags are set or reset when a packet is being sent or received.

You can find more information at the Ethereal website.

Hope that helped.
Regards
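
An added example, not part of the original post: a minimal Python decoder for the TCP flags the post mentions, run over a constructed three-way handshake (SYN, SYN/ACK, ACK). The addresses, ports, sequence numbers and the helper names `build_packet`, `parse_tcp` and `is_three_way_handshake` are assumptions made for illustration.

```python
import struct

# TCP flag bits in the 14th byte of the TCP header, lowest bit first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def build_packet(src, dst, sport, dport, seq, ack, flags):
    """Construct a minimal IPv4+TCP packet (checksums left at 0; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return ip + tcp

def parse_tcp(packet):
    """Return (sport, dport, seq, ack, [flag names]) or None if not IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if packet[9] != 6 or len(packet) < ihl + 20:
        return None
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", packet[ihl:ihl + 14])
    names = [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)]
    return sport, dport, seq, ack, names

def is_three_way_handshake(packets):
    """Check SYN -> SYN/ACK -> ACK, each ACK number being the peer's seq + 1."""
    parsed = [parse_tcp(p) for p in packets]
    if len(parsed) != 3 or None in parsed:
        return False
    syn, synack, ack = parsed
    return (syn[4] == ["SYN"]
            and synack[4] == ["SYN", "ACK"] and synack[3] == (syn[2] + 1) % 2**32
            and ack[4] == ["ACK"] and ack[2] == (syn[2] + 1) % 2**32
            and ack[3] == (synack[2] + 1) % 2**32)

# Constructed sample: client 192.0.2.10:50000 connects to server 198.51.100.5:80.
CLIENT, SERVER = (192, 0, 2, 10), (198, 51, 100, 5)
HANDSHAKE = [
    build_packet(CLIENT, SERVER, 50000, 80, 1000, 0, 0x02),      # SYN
    build_packet(SERVER, CLIENT, 80, 50000, 5000, 1001, 0x12),   # SYN, ACK
    build_packet(CLIENT, SERVER, 50000, 80, 1001, 5001, 0x10),   # ACK
]

if __name__ == "__main__":
    for pkt in HANDSHAKE:
        sport, dport, seq, ack, names = parse_tcp(pkt)
        print(f"{sport} -> {dport} seq={seq} ack={ack} flags={','.join(names)}")
    print("valid handshake:", is_three_way_handshake(HANDSHAKE))
```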


Hi sandeep,

I read your article. I have a cyber cafe. With the software you talk about, can I see all the requests made by the client computers? Is it possible to know which site they are viewing? If it is possible then it can help us a great deal. We will be able to track whether anyone is accessing pornographic stuff, hence we will be able to keep our computers as well as our network healthy.


I do a lot of network programming and Ethereal is an absolutely essential tool to have. When I reformat my computer this is one of the first tools that gets loaded. I have always found it a fun exercise to close all programs and let Ethereal run. You can very quickly get an idea of what programs running on your computer are talking to the Internet without your knowledge. You will get the usual ARP requests, MS Browser requests, and sometimes AV updates. The thing to look out for is traffic that you were not expecting, perhaps a spyware program talking to http://www.theplacematpeople.com/. This is actually one of the surefire ways to find spyware on your system. You just have to be patient and educate yourself on what you are looking at.

In response to vicky99's question, it all depends. I am assuming that you have a wireless café running into a broadband connection. I am also assuming that the network is internally switched (meaning you have a switch, not a hub) and everyone is running a variant of Windows.

The purpose of Ethereal is to listen to all network traffic seen by your computer. There is an additional mode of Ethereal called promiscuous mode that will allow you to see not only traffic addressed to your particular computer but anything on the wire. You should review a good networking book for all of the details, but basically if you have a hub then you will be able to see everything that all computers on your network send and receive. If you have a switched environment then you will only see what is coming to your computer. This may further be complicated by NAT routing. Once again, you should get a good understanding of how common networks work.

What you see is also determined by the placement of the listening computer. If you are one of the computers out in the larger network then you will not see as much. The ideal placement should be between your LAN hub or switch and the Internet connection or router. Another caveat to this process is if you have wireless. Promiscuous mode usually does not work on wireless networks on Windows-based machines. This is yet another reason to place the listener right before the external Internet connection.

As for seeing all traffic that your patrons are requesting, yes, you can very well do that. The downside is that there will be A LOT of traffic and you will have to learn how to filter the requests. Ethereal is only a listener. If you want to be more proactive then you will have to use another product such as Snort. Snort is another free open source product and is usually used as an intrusion detection system (IDS). It uses all the same file formats as Ethereal, so the two are very complementary. I am far from an expert on Snort so I will leave it to someone else to explain the finer details. Entire books (quite large ones) have been written on both Ethereal and Snort, and there is a large amount of information on the web.

At the very least you should try it out. You have nothing to lose and a great deal of knowledge to gain. If you have a question then stop by the Ethereal website; the documentation is quite good. The mailing list is also a good place to ask questions. I have asked a few questions myself and have always gotten a quick and helpful response. I hope this helps you out, and if you have questions be sure to let us know.
