Chapter 1. introduction, What is ethereal, Some intended purposes – Lucent Technologies Ethereal User Manual

Chapter 1. Introduction

1.1. What is Ethereal?

Ethereal is a network packet analyzer. A network packet analyzer will try to capture network pack-
ets and tries to display that packet data as detailed as possible.

You could think of a network packet analyzer as a measuring device used to examine what's going
on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on
inside an electric cable (but at a higher level, of course).

In the past, such tools were either very expensive, proprietary, or both. However, with the advent of
Ethereal, all that has changed.

Ethereal is perhaps one of the best open source packet analyzers available today.

1.1.1. Some intended purposes

Here are some examples people use Ethereal for:

•

network administrators use it to troubleshoot network problems

•

network security engineers use it to examine security problems

•

developers use it to debug protocol implementations

•

people use it to learn network protocol internals

Beside these examples, Ethereal can be helpful in many other situations too.

1.1.2. Features

The following are some of the many features Ethereal provides:

•

Available for UNIX and Windows.

•

Capture live packet data from a network interface.

•

Display packets with very detailed protocol information.

•

Open and Save packet data captured.

•

Import and Export packet data from and to a lot of other capture programs.

•

Filter packets on many criteria.

•

Search for packets on many criteria.

•

Colorize packet display based on filters.

•

Create various statistics.

•

... and a lot more!

However, to really appreciate its power, you have to start using it.

Figure 1.1, “ Ethereal captures packets and allows you to examine their content. ”

shows Ethereal

having captured some packets and waiting for you to examine them.

1