Ethereal is a well-designed and easy-to-use GUI-based program for sniffing packets on an Ethernet interface and making sense of them. It is the program of choice for this task.
Ethereal maps IP addresses, MAC addresses, and high- and low-level protocol fields to symbolic names for easier interpretation. It allows an interpretive look at any part of a packet, but avoids showing you the overwhelming but normally uninteresting portions of a packet.
Using Ethereal
The following will do a basic "sniff everything from eth0 and show the results in real time":
# ethereal -k -l -S -i eth0 &
The -k flag starts packet capture immediately. -l causes scrolling, and -S causes immediate display of received packets. The -i flag specifies the interface. It defaults to the first non-loopback interface, which will probably be eth0. Ethereal will show the text data in the first captured packet and it will show source and destination addresses of all packets.
These are the results of such a call from my home system:
The middle pane shows the different logical components of each packet. IP addresses, MAC addresses, and the fields of DNS, NFS, SMTP and other high-level protocols are interpreted. Clicking on any one of these components expands it into its constituent components, which may in turn be expanded. At each level, the data is interpreted.
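To make concrete what the panes are doing, here is an added example (not Ethereal's code and not from the original notes) of a minimal dissector: it splits a raw Ethernet frame into Ethernet, IPv4 and UDP/TCP layers, maps the numeric fields to symbolic names the way the middle pane does, and produces the one-line summary the top pane shows. The sample frame, the address values and the small name tables are all constructed for the example; a frame too short for the header it claims to carry is rejected rather than decoded past its end.

```python
import struct

# Constructed lookup tables: the symbolic names a sniffer substitutes for raw numbers.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
PORT_NAMES = {25: "SMTP", 53: "DNS", 80: "HTTP", 2049: "NFS"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def dissect(frame):
    """Decode an Ethernet frame layer by layer into {layer: {field: value}}.
    Stops after the last layer it understands; raises ValueError when the
    frame is shorter than the header it claims to carry."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"eth": {"dst": mac_str(dst), "src": mac_str(src),
                      "type": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}")}}
    if ethertype != 0x0800:
        return layers  # ARP, IPv6 etc. are left undecoded in this example

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    layers["ip"] = {"src": ip_str(ip[12:16]), "dst": ip_str(ip[16:20]),
                    "ttl": ttl, "proto": IP_PROTOCOLS.get(proto, str(proto))}
    # Trust the length field only as far as the bytes actually present.
    payload = ip[ihl:min(total_len, len(ip))]

    if proto == 17:
        if len(payload) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, udp_len, _csum = struct.unpack("!HHHH", payload[:8])
        layers["udp"] = {"sport": sport, "dport": dport,
                         "app": PORT_NAMES.get(dport, PORT_NAMES.get(sport, "unknown")),
                         "data_len": max(0, min(udp_len, len(payload)) - 8)}
    elif proto == 6:
        if len(payload) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq,
                         "flags": off_flags & 0x01FF,
                         "app": PORT_NAMES.get(dport, PORT_NAMES.get(sport, "unknown"))}
    return layers


def summary(layers):
    """One-line view like the top pane: addresses and protocol, nothing else."""
    eth = layers["eth"]
    if "ip" not in layers:
        return f"{eth['src']} -> {eth['dst']} {eth['type']}"
    ip = layers["ip"]
    line = f"{ip['src']} -> {ip['dst']} {ip['proto']}"
    l4 = layers.get("udp") or layers.get("tcp")
    if l4:
        line += f" {l4['sport']} -> {l4['dport']} ({l4['app']})"
    return line


def sample_frame():
    """Constructed sample (not a real capture): a DNS query over UDP/IPv4."""
    dns = bytes.fromhex("1234" "0100" "0001" "0000" "0000" "0000")  # 12-byte DNS header
    udp = struct.pack("!HHHH", 54321, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + udp


if __name__ == "__main__":
    layers = dissect(sample_frame())
    print(summary(layers))
    for name, fields in layers.items():      # the expanded, middle-pane view
        print(f"  {name}: {fields}")
```

Running the file prints the summary line followed by each layer's decoded fields. The example stops at the transport header; the page's point is the layering itself, and a real dissector would keep going into the DNS, NFS or SMTP payload in the same way.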