Summary


If you’re trying to pinpoint a network problem, or understand how a particular network operation works, the amount of extraneous traffic on the network can overwhelm you. Filters are the way to manage this huge amount of information. Capture filters allow you to limit the number of packets that Ethereal receives from the operating system. Display filters allow you to limit the packets that are shown in Ethereal’s main window, giving you the opportunity to concentrate on the problem at hand.

Ethereal’s capture filter syntax is the same as tcpdump’s filter syntax. This is because both Ethereal and tcpdump use a library called libpcap; it is this library that provides the filter engine. The filter engine provided by libpcap, while fast, does not provide many protocol or field names in its language. To find data for fields whose names are not provided in the filter language, the user must extract bytes from the packet by using offsets from the beginning of the protocol fields.

Ethereal’s display filter syntax is unique to Ethereal. It is part of Ethereal’s protocol dissection engine, and provides names for almost all protocols and fields that Ethereal can dissect. Display filters are slower to process packets than capture filters, but the trade-off is ease of use.
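To make the offset rule from the two paragraphs above concrete, here is an added Python example (not from the book, and not libpcap's own implementation, which compiles filters to BPF bytecode) that emulates how a libpcap capture filter's `proto[offset:size]` accessor locates a byte relative to the start of a protocol header, on a constructed Ethernet/IPv4/TCP frame. Each helper's comment pairs the capture-filter expression with the named display-filter field that Ethereal's dissector gives you instead.

```python
import struct

# Constructed sample frame (not a real capture): Ethernet II + IPv4 (IHL=5, no options)
# + TCP from port 49152 to port 80 with only the SYN flag set.
ETH = bytes.fromhex("001122334455" "66778899aabb" "0800")
IP = bytes.fromhex("4500002800004000" "4006" "0000" "c0a80001" "c0a80002")
TCP = bytes.fromhex("c000" "0050" "00000001" "00000000" "5002" "ffff" "0000" "0000")
FRAME = ETH + IP + TCP

# Same packet, but the IPv4 header carries a 4-byte option (IHL=6). A filter that
# hard-coded "byte 47 of the frame" would now read the wrong byte; a protocol-relative
# offset like tcp[13] still lands on the TCP flags.
IP_OPT = bytes.fromhex("4600002c00004000" "4006" "0000" "c0a80001" "c0a80002" "01010100")
FRAME_OPT = ETH + IP_OPT + TCP


def layer_offset(frame: bytes, proto: str) -> int:
    """Byte offset where the named protocol header starts in an Ethernet II frame.
    This is the anchor libpcap uses for proto[offset]: ether[...] counts from the
    frame start, ip[...] from the IPv4 header, tcp[...] from the TCP header, so the
    variable-length IPv4 header (IHL field) has to be skipped for tcp/udp."""
    if proto == "ether":
        return 0
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    if proto == "ip":
        return 14
    ihl = (frame[14] & 0x0F) * 4  # header length in 32-bit words
    if proto in ("tcp", "udp"):
        if frame[23] != {"tcp": 6, "udp": 17}[proto]:
            raise ValueError(f"IPv4 payload is not {proto}")
        return 14 + ihl
    raise ValueError(f"unsupported protocol {proto}")


def field(frame: bytes, proto: str, offset: int, size: int = 1) -> int:
    """Emulates libpcap's proto[offset:size]: a big-endian integer read at that offset."""
    start = layer_offset(frame, proto) + offset
    return int.from_bytes(frame[start:start + size], "big")


def is_syn(frame: bytes) -> bool:
    """Capture filter: 'tcp[13] & 2 != 0'   Display filter: 'tcp.flags.syn == 1'"""
    return field(frame, "tcp", 13) & 0x02 != 0


def dst_port(frame: bytes) -> int:
    """Capture filter: 'tcp[2:2] == 80'     Display filter: 'tcp.dstport == 80'"""
    return field(frame, "tcp", 2, 2)


def ip_proto(frame: bytes) -> int:
    """Capture filter: 'ip[9] == 6'         Display filter: 'ip.proto == 6'"""
    return field(frame, "ip", 9)
```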

You can maintain a collection of capture filters and display filters through Ethereal’s graphical user interface. You can also create display filters through a point-and-click interface. To find the names of all the available fields and protocols in the display filter language, Ethereal provides some information in its GUI and manual pages. Additionally, this book provides that information on the included CD-ROM.


Ethereal Packet Sniffing
ISBN: 1932266828
Year: 2004
Pages: 105
Authors: Syngress