|
|
| Line 1: |
Line 1: |
| − | [http://www.ethereal.com/ Ethereal] is the most popular [[GUI]] protocol analyzer.
| + | Ethereal is now known as [[wireshark]]. |
| − | | |
| − | | |
| − | | |
| − | == Starting it on [[UBO]]s ==
| |
| − | | |
| − | Remember you need to be root to run ethereal because you will be putting your network card into promiscuous mode.
| |
| − | If you're starting it from a terminal, you probably want to run:
| |
| − | | |
| − | # su -p -c ethereal
| |
| − | | |
| − | assuming ethereal is in root's [[$PATH]], if not, include the full path.
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | == Using it ==
| |
| − | | |
| − | | |
| − | Once in Ethereal, go to
| |
| − | | |
| − | Capture -> Interfaces
| |
| − | | |
| − | and choose the interface you want to capture on. Then just hit "stop" when you want to stop sniffing. You will now see a list of the packets you have captured.
| |
| − | | |
| − | | |
| − | Fun things to do with your captured packets:
| |
| − | | |
| − | Right click on one of the TCP packets and see if there is an option "Follow TCP stream". You will notice when you close the follow TCP stream window that the filter text box that was empty now contains a filter. You can clear this filter to start over with all over your captured packets, or fine tune the filter to find exactly what you are looking for.
| |
| − | | |
| − | If there isn't a lot of traffic on your interface, try going to a webpage in your browser while you are capturing. Now when you view the TCP stream of your HTTP request, you will see what happens behind the scenes with your [[Browser]].
| |
Latest revision as of 19:00, 21 October 2007
