Packet Capture: Packet Analyzers - Page 2

In part 4 of our series from the O'Reilly book, Network Troubleshooting Tools, you will learn all about examining the data within packets using packet analyzers, complete with syntax and illustrated examples.

 By O'Reilly Press

Figure 1-2: ethereal Capture Preferences

While you are capturing traffic, ethereal will display a Capture window that will give you counts for the packets captured in real time. This window is shown in Figure 1-3. If you didn't say how many frames you wanted to capture on the last screen, you can use the Stop button to end capture.

Figure 1-3: ethereal Capture

Once you have finished capturing data, you'll want to go back to the main screen shown in Figure 1-1. The top pane displays a list of the captured packets. The lower panes display information for the packet selected in the top pane. The packet to be dissected is selected in the top pane by clicking on it. The second pane then displays a protocol tree for the packet, while the bottom pane displays the raw data in hex and ASCII. The layout of ethereal is shown in Figure 1-1. You'll probably want to scroll through the top pane until you find the traffic of interest. Once you have selected a packet, you can resize the windows as needed. Alternatively, you can select Display → Show Packet in New Window to open a separate window, allowing you to open several packets at once.

This article was originally published on Nov 27, 2001