Ethereal is an open source network analysis system and is currently the best open source network protocol analyzer, supporting the Linux and Windows platforms.
Ethereal was initially developed by Gerald Combs and has since been maintained and developed by a loosely organized Ethereal team. It now offers protocol analysis capabilities comparable to commercial network analysis systems. Since the first release, 0.2, in 1998, a large number of volunteers have contributed new protocol parsers, and Ethereal now supports more than 500 protocols. It is remarkable that code from so many people fits into the system so well, yet adding a new protocol parser is simple: even a newcomer who does not understand the structure of the system can develop a parser for their own protocol against the set of interfaces the system exposes. This is thanks to Ethereal's good design structure. Because the Internet carries a wide variety of protocols and new ones keep emerging, a good protocol analyzer must have good scalability and a sound structure, so that new protocol parsers can be added as network development requires.
1 Ethereal's packet capture platform
A network analysis system first relies on a library of functions to capture network packets. This library works at the bottom of the network analysis system's module stack. Its job is to obtain packets from the NIC, or only the subset of packets selected by a filtering rule, and hand them to the upper analysis modules. In protocol terms, this library receives a packet from the link layer and must at least restore it up to the transport layer for the upper-layer analysis.
On Linux, the packet filter BPF (BSD Packet Filter) was presented in 1992 by Steven McCanne and Van Jacobson of Lawrence Berkeley Laboratory. Libpcap is an open source library of capture functions built on BPF. Most existing Linux capture systems are based on this library or on specific improvements of it.
On Windows, the Italians Fulvio Risso and Loris Degioanni proposed and implemented the WinPcap library, whose kernel component the authors call NPF. Because NPF's main idea comes from BPF, its design goal is to provide Windows with a powerful packet capture development platform, with the hope that network analysis tools written for Linux can be ported to Windows after a simple recompilation. The two capture architectures are therefore closely related, and the function call interfaces they provide are consistent.
The Ethereal network analysis system likewise needs an underlying capture platform: on Linux it captures packets with the libpcap library, and on Windows with the WinPcap library.
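The description above assigns the capture library two jobs: deliver packets from the link layer restored up to the transport layer, and let a filtering rule select a subset of them. The following is an added example, not code from Ethereal, libpcap or WinPcap, that shows both jobs on a capture stored in the classic libpcap file format (24-byte global header, 16-byte per-record header, Ethernet link type). The capture bytes are constructed inline, with IP/TCP/UDP checksums left at zero, and the filter rule is a plain Python predicate standing in for a BPF filter expression, not a BPF implementation.

```python
"""Decode a libpcap-format capture from the link layer up to the transport
layer and apply a filter rule. Hypothetical example; sample bytes are constructed."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17
DLT_EN10MB = 1  # libpcap link type 1 = Ethernet


def ip(dotted):
    """'10.0.0.1' -> 4 raw bytes."""
    return bytes(int(x) for x in dotted.split("."))


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left 0) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload


def build_tcp(sport, dport, payload=b""):
    """TCP header: data offset 5 words, ACK flag, checksum left 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10,
                       65535, 0, 0) + payload


def build_udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_ethernet(body, ethertype=ETHERTYPE_IPV4):
    dst_mac = bytes.fromhex("001122334455")  # constructed addresses
    src_mac = bytes.fromhex("66778899aabb")
    return dst_mac + src_mac + struct.pack("!H", ethertype) + body


def build_pcap(frames):
    """Wrap raw Ethernet frames in the classic little-endian libpcap file format."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_records(data):
    """Yield (timestamp, frame) for each record, honouring the file's byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(end + "IHHiIII", data, 0)[6]
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet (DLT_EN10MB) is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated trailing record
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def decode_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP; return a dict, or None if malformed."""
    if len(frame) < 14:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return {"proto": "other", "ethertype": ethertype}
    pkt = frame[14:]
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    info = {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20]))}
    l4 = pkt[ihl:total_len]
    if pkt[9] == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        data_off = (l4[12] >> 4) * 4
        info.update(proto="tcp", sport=sport, dport=dport, payload=l4[data_off:])
    elif pkt[9] == IPPROTO_UDP and len(l4) >= 8:
        sport, dport, ulen = struct.unpack_from("!HHH", l4, 0)
        info.update(proto="udp", sport=sport, dport=dport, payload=l4[8:ulen])
    else:
        info.update(proto=str(pkt[9]))
    return info


def capture(data, rule=lambda p: True):
    """Decoded packets passing `rule` (stand-in for a BPF filter expression)."""
    out = []
    for _ts, frame in iter_records(data):
        pkt = decode_frame(frame)
        if pkt and rule(pkt):
            out.append(pkt)
    return out


# Constructed sample capture: one HTTP request, one DNS query, one ARP frame.
SAMPLE_PCAP = build_pcap([
    build_ethernet(build_ipv4(ip("10.0.0.1"), ip("192.0.2.10"), IPPROTO_TCP,
                              build_tcp(40000, 80, b"GET / HTTP/1.0\r\n\r\n"))),
    build_ethernet(build_ipv4(ip("10.0.0.1"), ip("192.0.2.53"), IPPROTO_UDP,
                              build_udp(5353, 53, b"\x12\x34"))),
    build_ethernet(b"\x00" * 46, ethertype=0x0806),  # ARP: stays at link layer
])

if __name__ == "__main__":
    for p in capture(SAMPLE_PCAP, rule=lambda p: p["proto"] == "tcp" and p["dport"] == 80):
        print(p["src"], "->", p["dst"], p["payload"][:16])
```

The decoder stops at the transport layer on purpose: that is the boundary the text draws between the capture platform and Ethereal's protocol parsers, which take the payload from there.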