Ethereal is a powerful open-source Ethernet packet capture tool. It can monitor abnormal packets, detect packet-level problems in software, capture packets from the network and analyze them, which helps users troubleshoot all kinds of network faults and makes it easier to view and follow the dynamics of TCP sessions.
Ethereal needs an underlying capture platform: on Linux it captures packets with the libpcap library, on Windows with the WinPcap library. The software is essentially similar to tcpdump, but Ethereal also has a well-designed GUI and many sorting and filtering options. By putting the NIC into promiscuous mode, users can view all traffic passing the NIC, not only the frames addressed to this host, which makes Ethereal useful for fault repair, analysis, software and protocol development, and education.
Ethereal can be used in two ways: through a graphical interface or through a character (text) interface.
Run rpm -qa | grep ethereal-gnome on a Linux system to check whether the graphical version is installed. If the server has no X Window graphics environment, only the character interface can be used.
Command: tethereal
Optional parameters: -V, -f
If tethereal is run on its own, only the packet headers are captured and the packet contents are not displayed. Adding the -V parameter displays the contents.
The -f parameter is used for filtering; by default packets of all protocols, TCP and UDP included, are captured.
To capture only UDP packets and display their contents, run tethereal -V -f udp, and combine it with the grep command to extract the key content you need.
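What tethereal -V -f udp does on a saved capture, shown as an added example that is not Ethereal's own code: a small Python reader for the libpcap file format that Ethereal and tcpdump write, a protocol filter that keeps only UDP (the role of -f, reduced here to a protocol name instead of full libpcap filter syntax), and a verbose rendering of header fields plus payload (the role of -V). Everything it reads is constructed in memory, so it runs offline; build_frame, build_pcap, SAMPLE_PCAP, read_pcap, dissect, filter_packets and verbose are example names, and the 10.0.0.x addresses, MAC addresses and ports are made up for the sample.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# libpcap file constants: native-endian magic, version 2.4, link type 1 = Ethernet
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}   # the two protocols this toy dissector knows


@dataclass
class Packet:
    ts_sec: int
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791); 0 when the stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(proto: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4 frame carrying a minimal UDP datagram or TCP segment (sample data)."""
    if proto == 17:   # UDP: sport, dport, length, checksum (0 = none, allowed over IPv4)
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:             # TCP: sport, dport, seq, ack, data offset 5 words, PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the header checksum
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_pcap(frames) -> bytes:
    """Assemble a little-endian libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
               for i, f in enumerate(frames)]
    return hdr + b"".join(records)


def read_pcap(data: bytes):
    """Yield (ts_sec, frame) per record; the magic number tells us which byte order the writer used."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled in this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def dissect(ts_sec: int, frame: bytes) -> Optional[Packet]:
    """Decode Ethernet/IPv4/{TCP,UDP}; anything else (ARP, IPv6, ICMP, runt frames) returns None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IP header length in bytes (options included)
    total_len = struct.unpack_from("!H", frame, 16)[0]
    proto = frame[23]
    if proto not in PROTO_NAMES:
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:14 + total_len]               # trim Ethernet padding using the IP total length
    sport, dport = struct.unpack_from("!HH", l4, 0)
    hdr_len = 8 if proto == 17 else (l4[12] >> 4) * 4  # UDP header is fixed; TCP carries a data offset
    return Packet(ts_sec, src, dst, PROTO_NAMES[proto], sport, dport, l4[hdr_len:])


def filter_packets(data: bytes, proto=None):
    """Like 'tethereal -f <proto>' over a saved file: keep only packets of that protocol (None = all)."""
    return [pkt for ts, frame in read_pcap(data)
            if (pkt := dissect(ts, frame)) and (proto is None or pkt.proto == proto)]


def verbose(pkt: Packet) -> str:
    """Multi-line rendering in the spirit of -V: addressing plus the payload bytes, ready for grep."""
    return (f"Frame: t={pkt.ts_sec} {pkt.proto.upper()} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}\n"
            f"Payload ({len(pkt.payload)} bytes): {pkt.payload.hex()} {pkt.payload!r}")


# Constructed two-packet capture: one TCP segment and one UDP datagram.
SAMPLE_PCAP = build_pcap([
    build_frame(6, 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame(17, 5353, 5353, b"hello"),
])

if __name__ == "__main__":
    for p in filter_packets(SAMPLE_PCAP, "udp"):
        print(verbose(p))
```

Run as a script it prints only the UDP packet, which is the effect of -f udp; drop the filter argument and both packets appear, matching the default of capturing every protocol. The same protocol test is what the GUI's Filter option applies at capture time.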
Graphical interface:
Ethereal usage tutorial
I. Open the capture configuration dialog
1. Via Capture > Options, open the capture option configuration.
II. Set the packet capture configuration items
1. Select the network card to capture on.
2. Set the capture filter: only data that matches the criteria is captured by Ethereal; if left empty, all packets are captured.
Capture Options
Interface: specifies the interface (NIC) to capture on. Usually there is a single NIC, so the default can be used.
Limit each packet: limits how many bytes of each packet are captured; unlimited by default.
Capture packets in promiscuous mode: whether promiscuous mode is enabled. When enabled, the NIC passes up every frame it sees, not only those addressed to this machine, so all packets on the segment are captured. Usually you only need to see packets sent or received by this machine, so this option should be turned off.
Filter: capture filter. Only packets matching the filter rules are captured (can be skipped for now).
File: to write the captured packets to a file, enter the filename here.
Use ring buffer: whether to use a ring (circular) buffer. Off by default, i.e. capture straight to the file. Note that the ring buffer only takes effect when writing to a file; if you use it, you also need to set the number of files and the file size at which to roll over to the next file.
Leave the other items at their defaults.
III. Start capturing
Click the Start button to begin capturing packets.
IV. Stop capturing
Click the Stop button to stop capturing packets.
V. Start capturing again
If you do not need to change the capture options, simply click Capture > Start to capture again.
Main features of Ethereal
Captures data from a network connection in real time, or reads it from a capture file.
Ethereal can read capture files from tcpdump (libpcap), Network General Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX iptrace, Microsoft Network Monitor, Novell LANalyzer, RADCOM WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, pppd logs (pppdump format), WildPackets EtherPeek/TokenPeek/AiroPeek, and Visual Networks Visual UpTime. In addition, Ethereal can read trace output from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output of the VMS TCPIPtrace utility and DBS Etherwatch.
Live data can be read from Ethernet, FDDI, PPP, Token Ring, IEEE 802.11, classical IP over ATM and loopback interfaces (on at least some systems; not all systems support all of these types).
Captured network data can be browsed through the GUI or through the TTY-mode tethereal program.
Capture files can be edited or converted programmatically through the command-line switches of the editcap program.
602 protocols can currently be dissected.
Output can be saved or printed as plain text or PostScript.
Display filters refine exactly which data is shown.
Display filters can also be used to selectively highlight and color the packet summary information.
All or part of a captured network trace can be saved to disk.
Ethereal packet capture tool