Packet Capture: Packet Analyzers - Page 3

By O'Reilly Press | Posted Nov 27, 2001

The protocol tree displays the structure of the packet: ethereal analyzes the data, determines the header type, and decodes each header accordingly. Fields can be expanded or collapsed by clicking on the plus or minus next to the field, respectively. In the figure, the Internet Protocol header has been expanded, and the Type-Of-Service (TOS) field in turn has been expanded to show the various values of the TOS flags. Notice that the raw data for the field selected in the second pane is shown in bold in the bottom pane. This works well for most protocols, but if you are using some unusual protocol, ethereal, like other programs, will not know what to do with it.
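To make the protocol tree concrete, here is a small decoder that turns raw IPv4 header bytes into a nested structure with the TOS byte expanded into its subfields. It is an added example, not code from the book or from ethereal; the function names, the three-entry protocol table, and the sample packet are constructed for illustration, and the TOS layout assumed is the one in RFC 791.

```python
import struct

# RFC 791 precedence names, indexed by the top three bits of the TOS byte.
PRECEDENCE = ["routine", "priority", "immediate", "flash", "flash override",
              "CRITIC/ECP", "internetwork control", "network control"]
# A tiny dissector table (illustrative); a real analyzer knows far more.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def decode_tos(tos):
    """Expand the TOS byte into its subfields (RFC 791 layout)."""
    return {
        "precedence": PRECEDENCE[tos >> 5],
        "low_delay": bool(tos & 0x10),
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),
    }


def decode_ipv4(raw):
    """Return a nested dict (a small protocol tree) for an IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version,
        "header_length": ihl,
        "tos": {"raw": tos, **decode_tos(tos)},
        "total_length": total_len,
        "ttl": ttl,
        # An unknown protocol number is reported but its payload stays raw.
        "protocol": PROTOCOLS.get(proto, "unknown (%d)" % proto),
        "source": ".".join(str(b) for b in src),
        "destination": ".".join(str(b) for b in dst),
        "payload": raw[ihl:],
    }


# Constructed sample: 20-byte header, TOS 0x10 (low delay), TCP, checksum
# left as zero because this decoder does not verify it.
SAMPLE = bytes.fromhex("451000280000400040060000c0a80001c0a80002")
```

Calling `decode_ipv4(SAMPLE)` yields the tree with the `tos` entry expanded, and changing the protocol byte to a number missing from the table shows the "unknown protocol" case the paragraph describes.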

ethereal has several other useful features. For example, you can select a TCP packet from the main pane and then select Tools > Follow TCP Stream. This tool collects information from all the packets in the TCP session and displays it. Unfortunately, while convenient at times, this feature makes it just a little too easy to capture passwords or otherwise invade users' privacy.

Tools > Summary gives you the details for the data you are looking at. An example is shown in Figure 1-4.

Figure 1-4: ethereal Summary

There are a number of additional features that I haven't gone into here, but what I have described is more than enough for most simple tasks.
