BackCover

Ethereal offers more protocol decoding and reassembly than any free sniffer out there and ranks well among the commercial tools. You’ve all used tools like tcpdump or windump to examine individual packets, but Ethereal makes it easier to make sense of a stream of ongoing network communications. Ethereal not only makes network troubleshooting work far easier, but also aids greatly in network forensics, the art of finding and examining an attack, by giving a better “big picture” view. Ethereal Packet Sniffing will show you how to make the most out of your use of Ethereal.

• Learn About Network Analyzers: Learn about the types of sniffers available today and see the benefits of using Ethereal.
• Master Tethereal: Use Tethereal, the command line version of Ethereal, to capture live packets from the wire or to read saved capture files.
• Install and Configure Ethereal: Find out how to install Ethereal on Windows and Unix and see how to build Ethereal from source.
• Explore the Ethereal Graphic User Interface: Learn your way around the menus, windows, and command-line options of Ethereal.
• Write Capture and Display Filters: Pinpoint network problems using filters to manage network operations and traffic.
• Benefit from the Additional Programs Packaged with Ethereal: Learn about the suite of programs that provide command line capturing, formatting, and manipulating capabilities: Tethereal, Editcap, Mergecap, and Text2pcap.
• Integrate Ethereal with Other Sniffers: Import and export files between Ethereal and various compatible products, including WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek.
• Scan the Network: See how to use network scanning to detect open ports and services on systems.
• Master Advanced Ethereal Topics: Create sub-trees, display bitfields in a graphical view, track request and reply packet pairs, and configure different Ethereal components.

About the Author

Angela Orebaugh has worked in information technology fro 10 years. She is currently an Associate at Booz Allen Hamilton in the Washington, DC metro area. Her focus is on perimeter defense, secure architecture design, vulnerability assessments, penetration testing, and intrusion detection. Angela is an expert in many commercial and Open Source intrusion detection and analysis tools including: Ethereal, Snort, Nessus, and Nmpa. She is a graduate of James Madison University with a masters in computer science, and she is currently pursuing her PhD with a concentration in information security at George Mason University. Her GCFW practical received honors recognition and was used as a case study in the book Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Network Intrusion Detection by Stephen Northcutt. Angela is a researcher, writer, and speaker for the SANS Institute, where she has helped to develop and revise SANS course material and also serves as the Senior Mentor Coach for the SANSS Local Mentor Program.