
Packet Capture Using Ethereal



Presentation Transcript


  1. Packet Capture Using Ethereal

  2. Definition for Sniffer: • A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. • On TCP/IP networks, where they sniff packets, they're often called packet sniffers.

  3. Why Packet Capture? • Troubleshooting! For most computer users, the only way we can tell what the network is doing is by watching the performance of our workstation. If it takes a long time to retrieve a file from the server, we say the network is “slow”. For network analysts that’s just the first step on the road to analyzing a reported problem.

  4. Why Packet Capture? • We use a variety of tools to do this analysis, including SNMP and RMON, but before these were available packet capture software was used.

  5. What is Packet Capture? • Packet Capture software reads all packets that fly by on the network, whether they are addressed for our workstation or not. It then decodes the binary data into the appropriate fields of each frame and interprets what each is doing. By understanding how a protocol is supposed to work you can look at what you capture and tell what’s going on with your network.

  6. Network General • A company called Network General developed a hardware/software combination called the Sniffer. It was expensive software on an expensive portable computer, and you couldn’t buy them separately. The company has since been sold a couple of times and now is owned by Network Associates.

  7. Network General • Network Associates promptly changed the sales model to a license arrangement and allowed the software to be sold separately. The software starts at about $5k per year (2003). It captures frames and packets, then uses an expert systems program to analyze the data and suggest the source of problems. PC Magazine considers the Sniffer Pro LAN the best high-end packet capture software available.

  8. Packet Capture Tools • PC Magazine wrote a series of articles reviewing packet capture tools, and it’s available at http://www.pcmag.com/article2/0,4149,89013,00.asp

  9. Packet Capture Tools • Some other brands are listed on the above page, including: • EtherPeek (About $1000) • LANwatch32 • Netboy • Observer • Sniffer Basic • Optiview Integrated Network Analyzer • Surveyor 3.2

  10. Ethereal • We are going to use Ethereal, because it’s free! You can find it at http://www.ethereal.com/ • Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
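Slides 5 and 10 describe the core of what packet capture software does: read the raw frame, decode the binary into the named fields of each protocol layer, and let you filter on those fields. As an added example (not part of the original presentation and not Ethereal's own code), the Python below decodes a constructed Ethernet/IPv4/TCP frame the same way, verifies the IPv4 header checksum, and applies a minimal display-filter-style match; the field names, the filter syntax and the sample frame are assumptions chosen to resemble Ethereal's display filters, not its real implementation.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header; yields 0 when the stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP into named fields, as a sniffer's detail pane does."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    fields = {"eth.dst": mac(dst), "eth.src": mac(src), "eth.type": ethertype}
    if ethertype != 0x0800:                  # only IPv4 is decoded further here
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IHL is in 32-bit words
    fields.update({"ip.src": ".".join(map(str, ip[12:16])),
                   "ip.dst": ".".join(map(str, ip[16:20])),
                   "ip.ttl": ip[8], "ip.proto": ip[9],
                   "ip.checksum_ok": ip_checksum(ip[:ihl]) == 0})
    if ip[9] != 6:                           # 6 = TCP
        return fields
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    fields.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq, "tcp.ack": ack,
                   "tcp.flags.syn": bool(off_flags & 0x02), "tcp.flags.ack": bool(off_flags & 0x10)})
    return fields

def matches_filter(fields: dict, expr: str) -> bool:
    """Minimal display-filter evaluator (assumed syntax): 'name == value' clauses joined by ' and '."""
    for clause in expr.split(" and "):
        name, value = (s.strip() for s in clause.split("=="))
        if str(fields.get(name)) != value:
            return False
    return True

def build_sample_frame() -> bytes:
    """Constructed TCP SYN 192.168.1.10:40000 -> 10.0.0.5:80 (sample data, not a real capture)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                         bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]  # fill in checksum
    tcp_hdr = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, 0x5002, 8192, 0, 0)  # data offset 5, SYN set
    eth_hdr = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth_hdr + ip_hdr + tcp_hdr
```

Calling `decode_frame(build_sample_frame())` returns the field dictionary; a flipped byte in the IP header turns `ip.checksum_ok` false, which is the kind of detail a decoder surfaces that the raw bytes hide.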

  11. Ethereal • You can find it at http://www.ethereal.com/distribution/win32/. You’ll need to install both Ethereal to analyze the data and WinPcap to capture data. There’s a bit of a description of WinPcap at http://winpcap.polito.it/default.htm.

  12. Ethereal • An introduction to Ethereal, along with some screen shots, can be found at http://www.ethereal.com/introduction.html

  13. Ethereal • If you have a network at home, download Ethereal onto your own workstation. Be sure to also download WinPcap. Even if you don’t have a network, you can download previously captured data off of the Ethereal (and other) web sites and analyze the data so you can see how it works. The program is about 10MB, so it won’t fit on a floppy disk, but it will fit on a zip disk or CD.

  14. Ethereal Tutorial • Here is a complete Ethereal tutorial. It was written for a Unix environment, so skip the parts that have to do with the command line. It has complete information about how to use the Windows version as well. This is a huge document, so don’t expect to go through all of it and make sense of it. Go through the first guide far enough to figure out how the tool works. There are plenty of screen shots to help you along. • http://www.ethereal.com/docs/user-guide/chap03.html#AEN1092 • The complete user’s guide is at • http://www.ethereal.com/docs/user-guide/
