Ethereal Packet Sniffing (Syngress)

Reading Capture Files with Ethereal

• Wiretap enables Ethereal to read a variety of capture formats.

• Ethereal can automatically determine what type of file it is reading when it opens it.

• Ethereal can read capture files from over twenty different products.

• Ethereal can open compressed files.

Saving Capture Files with Ethereal

• Ethereal can save capture files in over ten different formats.

• When saving a capture file, you can save all of the packets or just the ones you want.

Ethereal Integration

• Tethereal’s default format for saving capture files is libpcap.

• TCPDump will only capture the first 68 bytes of a file unless you increase the snaplen.

• WinDump’s –D option displays a list of available interface cards on the system.

• Snort can run in three modes: sniffer, packet logger, and network intrusion detection system.

• Snoop uses the –o option to capture packets to a file.

• Microsoft Network Monitor comes with Windows 2000 Server, but it isn’t installed by default.

• EtherPeek can capture traffic from more than one network adapter at a time.

• You can use several different methods to transfer files between Ethereal and Netasyst.

• The HP-UX tracing and logging facility needs to be started with the nettl –start command before tracing can occur.