Packet Capture: Packet Analyzers - Page 3

In part 4 of our series from the O'Reilly book, Network Troubleshooting Tools, you will learn all about examining the data within packets using packet analyzers, complete with syntax and illustrated examples.

 By O'Reilly Press

The protocol tree displays the structure of the packet: ethereal analyzes the data, determines the header type, and decodes it accordingly. Fields can be expanded or collapsed by clicking on the plus or minus next to the field, respectively. In the figure, the Internet Protocol header has been expanded, and the Type-Of-Service (TOS) field has in turn been expanded to show the values of the individual TOS flags. Notice that the raw data for the field selected in the second pane is shown in bold in the bottom pane. This works well for most protocols, but if you are using some unusual protocol, ethereal, like other analyzers, will not know what to do with it.
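To make the decoding step concrete, here is a small IPv4 header dissector written for this page (it is not from the book or from ethereal): it pulls apart the fixed header fields the protocol tree shows, splits the TOS byte into its RFC 791 sub-fields the way the expanded TOS node does, and verifies the header checksum. The sample packet bytes are constructed for the example.

```python
import struct

# RFC 791 Type-of-Service layout, the sub-fields ethereal shows when the TOS
# node is expanded: bits 0-2 precedence, bit 3 delay, bit 4 throughput,
# bit 5 reliability, bits 6-7 reserved.
PRECEDENCE = ["routine", "priority", "immediate", "flash", "flash override",
              "CRITIC/ECP", "internetwork control", "network control"]

def decode_tos(tos: int) -> dict:
    """Split one TOS byte into the flags listed under the TOS node."""
    return {"precedence": PRECEDENCE[(tos >> 5) & 0x7],
            "low_delay": bool(tos & 0x10),
            "high_throughput": bool(tos & 0x08),
            "high_reliability": bool(tos & 0x04),
            "reserved": tos & 0x03}

def ipv4_checksum_ok(header: bytes) -> bool:
    """One's-complement sum of every 16-bit header word must fold to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def dissect_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header at the start of pkt (no link-layer header)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    return {"header_length": ihl,
            "tos": decode_tos(tos),
            "total_length": total_len,
            "identification": ident,
            "dont_fragment": bool(flags_frag & 0x4000),
            "more_fragments": bool(flags_frag & 0x2000),
            "fragment_offset": flags_frag & 0x1FFF,
            "ttl": ttl,
            "protocol": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, proto),
            "src": ".".join(map(str, src)),
            "dst": ".".join(map(str, dst)),
            "checksum_ok": ipv4_checksum_ok(pkt[:ihl])}

# Constructed sample: 20-byte IPv4 header of a TCP segment, TOS 0x10 (low delay),
# DF set, TTL 64, 192.168.1.100 -> 192.168.1.1, checksum computed for these bytes.
SAMPLE_IPV4 = bytes.fromhex("451000281c46400040069ac4c0a80164c0a80101")
```

A dissector that also validates the checksum flags corrupted or hand-crafted headers that a simple field dump would silently accept.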

ethereal has several other useful features. For example, you can select a TCP packet from the main pane and then select Tools > Follow TCP Stream. This tool collects the information from all the packets in the TCP session and displays it together. Unfortunately, while convenient at times, this feature makes it just a little too easy to capture passwords or otherwise invade users' privacy.

Tools > Summary gives you the details for the data you are looking at. An example is shown in Figure 1-4.

Figure 1-4: ethereal Summary

There are a number of additional features that I haven't gone into here, but what I have described is more than enough for most simple tasks.

This article was originally published on Nov 27, 2001