Ethereal

Ethereal Part #I
Sung Kyun Kwan University
HIT Lab.
Jung-yoon Kim (jykim@hit.skku.edu)
Copyright ⓒ Sungkyunkwan University
Contents

Introduction
- What is Traffic Characterization?
- What is Packet Capturing?
- What is Ethereal?
Set up Ethereal
- Set up ‘libpcap’ (Portable Packet Capturing Library)
- Set up ‘Ethereal’
Ethereal menu overview
Using basic function of Ethereal
Using advanced function of Ethereal
Demo
Introduction

What is Traffic Characterization? [1]
- Scheduling of network traffic, traffic shaping, flow control, and congestion control.
- Emerging high-bandwidth, real-time applications.
- Exponentially increasing Internet population.

Packet Capturing [2]
Tools are distinguished by how much analysis or interpretation is provided after a packet is captured:
- Packet sniffers: generally do the least amount of analysis.
- Protocol analyzers: provide the greatest level of interpretation.
- Packet analyzers: typically lie somewhere in between packet sniffers and protocol analyzers.
- Traffic monitors: typically more concerned with collecting statistical information.
Introduction

What is Ethereal?
- It is a protocol analyzer.
- Open source packet capturing tool.
- Supports UNIX, Linux, Mac OS X, Solaris, Windows, etc.
- It requires libpcap (Portable Packet Capturing Library).
- It provides packet sniffing, parsing, and statistical information.
Set up Ethereal

Set up ‘libpcap’ [3, 4, 5]
‘libpcap’ is the application programming interface for capturing packets.

Set up ‘Ethereal’
Start WinPcap service “NPF” at startup
If this option is checked, users without Admin privileges can capture packets.
Ethereal menu overview

Start Ethereal

Menu: File
- Results are saved to files.
- Results are loaded from files.

Menu: Edit
- Find a packet by filtering rules, hex values or strings.
- Mark the current packet.
- Set the environment (GUI preferences).

Menu: View
- Set coloring rules (packets colored by filtering rules).
- Zoom in, zoom out.
- Configure the toolbar.

Menu: Go
- Find a packet by packet number.
- Go to the first packet or the last packet.

Menu: Capture
- Select interfaces to capture on.
- Set capture options.
- Start, stop or restart capturing.
- Manage capture filters.

Menu: Analyze
- Display filters.
- Enable / disable protocols.
- Expert information (Errors, Warnings, Notes, Chats).
- Follow TCP stream.

Menu: Statistics
- Summary.
- Graphs.
- Protocol Hierarchy statistics.
- Statistical information by packets.

Menu: Help
- Supported protocols.
- Online manual links.
- Filtering rules manuals.
Using basic function of Ethereal

Capture
- Selecting interfaces
- Setting options
Using advanced function of Ethereal

Filtering rules
  eth.dst eq ff:ff:ff:ff:ff:ff
  ip.dst eq www.mit.edu
  ip.src == 192.168.1.1
  ip.addr == 129.111.0.0/16
  tcp.port == 80 and ip.src == 192.168.2.1
  http.request.method == "POST"
  eth.src[0:3] == 00:00:83
  http.content_type[0:4] == "text"
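As an added example (Python written for this page, not code from the slides or from Ethereal itself), the block below builds a small constructed libpcap file and evaluates predicates with the same semantics as three of the filter lines above: ‘eq’ and ‘==’ are interchangeable, ‘ip.addr’ matches either the source or the destination address, and ‘eth.src[0:3]’ is a slice of the first three address bytes. The frames, addresses and the dict keys named after Ethereal fields are all constructed for the example.

```python
import ipaddress
import struct
def mac(text):
    """'00:00:83:aa:bb:cc' -> the 6 raw address bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(eth_dst, eth_src, ip_src, ip_dst):
    """Minimal Ethernet II header + 20-byte IPv4 header (no options, no payload)."""
    eth = mac(eth_dst) + mac(eth_src) + b"\x08\x00"                 # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,  # header checksum left 0 (not checked)
                     ipaddress.IPv4Address(ip_src).packed, ipaddress.IPv4Address(ip_dst).packed)
    return eth + ip

def record(payload):
    """libpcap per-packet header: ts_sec, ts_usec, incl_len, orig_len (file byte order)."""
    return struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload

# Constructed capture, not a real trace: 24-byte libpcap global header (little-endian magic,
# version 2.4, snaplen 65535, linktype 1 = Ethernet) followed by two hand-built frames.
PCAP_BYTES = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
              + record(frame("ff:ff:ff:ff:ff:ff", "00:00:83:aa:bb:cc", "192.168.1.1", "192.168.1.255"))
              + record(frame("00:11:22:33:44:55", "00:00:83:01:02:03", "129.111.5.6", "10.0.0.9")))

def parse_pcap(data):
    """Yield one dict of Ethereal-style field names (eth.dst, ip.src, ...) per record."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file")
    off = 24
    while off < len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        fields = {"eth.dst": pkt[0:6], "eth.src": pkt[6:12], "eth.type": struct.unpack("!H", pkt[12:14])[0]}
        if fields["eth.type"] == 0x0800:                            # IPv4 header begins at offset 14
            fields["ip.src"] = ipaddress.IPv4Address(pkt[26:30])
            fields["ip.dst"] = ipaddress.IPv4Address(pkt[30:34])
        yield fields

# Predicates with the semantics of the slide's display-filter lines.
def is_broadcast(f):                     # eth.dst eq ff:ff:ff:ff:ff:ff  ('eq' and '==' are the same)
    return f["eth.dst"] == mac("ff:ff:ff:ff:ff:ff")
def in_subnet(f, cidr):                  # ip.addr == 129.111.0.0/16   (ip.addr is src OR dst)
    net = ipaddress.ip_network(cidr)
    return any(a in net for a in (f.get("ip.src"), f.get("ip.dst")) if a is not None)
def oui_matches(f, prefix):              # eth.src[0:3] == 00:00:83    ([0:3] = first three bytes)
    return f["eth.src"][0:3] == mac(prefix)

def apply_filter(data, pred, **kw):
    """Return the 1-based packet numbers (Ethereal's 'No.' column) whose fields satisfy pred."""
    return [no for no, f in enumerate(parse_pcap(data), 1) if pred(f, **kw)]
```

Running the predicates over PCAP_BYTES selects packet 1 for the broadcast filter, packet 2 for the 129.111.0.0/16 filter and both packets for the 00:00:83 OUI slice.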
Using advanced function of Ethereal

Analyze
- Following TCP stream
- Expert Info

Statistics
- Summary
- Conversations
- Flow Graph

Demo

Ethereal Demo
Reference
[1] http://public.lanl.gov/feng/research/ntc.html
[2] http://www.unix.org.ua/orelly/networking_2ndEd/tshoot/ch05_01.htm
[3] http://www.tcpdump.org/pcap.htm
[4] http://joinc.co.kr/modules.php?name=News&file=article&sid=112
[5] http://www.winpcap.org/install/default.htm