Ethereal
Matt Lesko
Packet sniffers, sometimes referred to as protocol or network analyzers,
are invaluable tools for network and systems administrators. With an abundance
of commercial and free software products available, it may be difficult to choose
a good product. This article describes Ethereal, a free packet sniffer that
not only decodes network traffic, but can filter and analyze it, all with an
advanced, GTK-based GUI. Additionally, Ethereal can read the data files from
a multitude of other packet sniffers, letting you analyze previously collected
data. The files can even be compressed with gzip, and Ethereal will read and
write them transparently.
Installation
Ethereal can be downloaded from the main Web site, http://www.ethereal.com/download.html,
or from any of its mirrors worldwide. The latest version (as of this writing)
is 0.8.19. It requires GTK+ 1.2 or greater, which can be downloaded from: http://www.gtk.org/download/
and the libpcap packet capture library, which can be downloaded from: http://www.tcpdump.org.
Perl is also required to build the included documentation. Additionally, it
is recommended that you download and install zlib, available at: http://www.info-zip.org/pub/infozip/zlib/
so that Ethereal can work with gzipped files on the fly, and NET-SNMP libraries,
if you want to enable SNMP support, available at: http://net_snmp.sourceforge.net/.
Pre-compiled binary packages are available for all the major UNIX flavors, as
well as for Windows NT.
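
The transparent handling of gzipped capture files mentioned above (and the reason zlib is recommended) can be illustrated with the following added example, which is not from the article and is not Ethereal's own code. It checks for the gzip magic bytes, decompresses on the fly, then parses the libpcap file header and counts packet records; the function names and the sample capture are constructed for this illustration.

```python
import gzip
import io
import struct

GZIP_MAGIC = b"\x1f\x8b"
PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps


def open_capture(raw: bytes):
    """Return a readable stream, unwrapping gzip when the magic bytes match."""
    if raw[:2] == GZIP_MAGIC:
        return gzip.GzipFile(fileobj=io.BytesIO(raw))
    return io.BytesIO(raw)


def summarize(raw: bytes) -> dict:
    """Parse the libpcap global header and count the packet records."""
    stream = open_capture(raw)
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated capture header")
    # The writer's byte order is inferred from how the magic number reads.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", header[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a libpcap capture file")
    major, minor, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", header[4:])
    packets = 0
    while True:
        record = stream.read(16)  # ts_sec, ts_usec, captured length, original length
        if not record:
            break
        if len(record) < 16:
            raise ValueError("truncated packet record header")
        _, _, caplen, _ = struct.unpack(endian + "IIII", record)
        # Reject lengths beyond the declared snapshot size before reading them.
        if caplen > snaplen or len(stream.read(caplen)) != caplen:
            raise ValueError("corrupt or truncated packet record")
        packets += 1
    return {"version": (major, minor), "linktype": linktype, "packets": packets}


def sample_capture() -> bytes:
    """Constructed sample: one 60-byte Ethernet frame of zeros (linktype 1)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)
    return header + record
```

Calling summarize() on the plain sample and on its gzip-compressed form returns the same result, which is the behavior the article describes from the user's point of view.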