Chapter 7: Integrating Ethereal with Other Sniffers

Introduction

We have spent quite a lot of time discussing Ethereal and its features and benefits. However, there may come a time when you need to use other packet capturing programs or utilities. Maybe your company has already purchased a commercial product, or you may have various systems with preinstalled monitoring utilities. Either way, these products may be useful for troubleshooting or for grabbing remote captures. In addition, you may still be able to benefit from Ethereal’s numerous features because of its compatibility with several popular products and utilities.

Ethereal’s expansive compatibility is due to the wiretap library that it uses. When you compile Ethereal from source, the files for this feature are installed in the ethereal-0.10.0a/wiretap directory. Ethereal developers began writing the wiretap library as a future replacement for libpcap. The wiretap library, once further developed, will offer many benefits over libpcap. For now, wiretap is still under development. If you want to contribute, you can find more information in the README.developer file in the wiretap subdirectory. In this chapter we are going to look at the current benefits that the wiretap library adds to Ethereal by importing and exporting files from various packet capture utilities.