Ethereal
This article is about the network traffic analyzer. For more general definitions, see the Wiktionary entry. For the fictional alien race from X-COM: UFO Defense, see Ethereal (alien).
In computing, Ethereal (i-'thir-E-&l) is a protocol analyzer, or "packet sniffer" software, used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer.
The functionality Ethereal provides is very similar to that of tcpdump, but it has a GUI front-end and many more options for sorting and filtering information. It allows the user to see all traffic being passed over the network (usually an Ethernet network, but support is being added for others) by putting the network card into promiscuous mode.
Ethereal is released under an open source license. It runs on most Unix and Unix-compatible systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD and Mac OS X, and on Windows, as it uses the cross-platform GTK+ widget toolkit (although GTK+ only works with X11 on Mac OS X, so the user will need to run an X server such as X11.app).
Ethereal is software that "understands" the structure of different network protocols. It is therefore able to display the encapsulation and the individual fields of a packet and to interpret their meaning. Ethereal does not have its own code to capture packets. It uses libpcap/WinPcap for this task, so it can only capture on networks supported by libpcap/WinPcap.
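The encapsulation handling described above can be sketched as a chain of small dissectors, each decoding its own header and handing the remainder to the next layer. This is an added example, not Ethereal's code: the function names and the sample frame are constructed for illustration, only Ethernet, IPv4 and TCP are handled, and checksums are not verified.

```python
import struct

class Truncated(ValueError):
    """A header claims more bytes than the captured frame holds."""

def need(buf, n, layer):
    # Every length field comes from the (untrusted) packet: check before slicing.
    if len(buf) < n:
        raise Truncated(f"{layer}: need {n} bytes, have {len(buf)}")

def dissect_ethernet(frame):
    need(frame, 14, "ethernet")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = [{"layer": "ethernet", "dst": dst.hex(":"), "src": src.hex(":"),
               "type": ethertype}]
    if ethertype == 0x0800:                      # IPv4 is encapsulated
        layers += dissect_ipv4(frame[14:])
    return layers

def dissect_ipv4(pkt):
    need(pkt, 20, "ipv4")
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                      # header length in bytes
    if vihl >> 4 != 4 or ihl < 20 or total < ihl:
        raise ValueError("ipv4: malformed header")
    need(pkt, total, "ipv4")                     # total length is attacker-controlled
    layers = [{"layer": "ipv4", "src": ".".join(map(str, src)),
               "dst": ".".join(map(str, dst)), "ttl": ttl, "proto": proto}]
    if proto == 6:                               # TCP is encapsulated
        layers += dissect_tcp(pkt[ihl:total])
    return layers

def dissect_tcp(seg):
    need(seg, 20, "tcp")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    hdr = (off_flags >> 12) * 4                  # data offset in bytes
    if hdr < 20:
        raise ValueError("tcp: malformed data offset")
    need(seg, hdr, "tcp")
    return [{"layer": "tcp", "sport": sport, "dport": dport,
             "flags": off_flags & 0x1FF, "payload_len": len(seg) - hdr}]

# Constructed sample frame (not a real capture): Ethernet / IPv4 / TCP / 4 data bytes.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455" "66778899aabb" "0800")
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 1, 0, 64, 6, 0,
                  bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    + struct.pack("!HHIIHHHH", 49152, 80, 1, 0, (5 << 12) | 0x018, 65535, 0, 0)
    + b"data")
```

Calling `dissect_ethernet(SAMPLE_FRAME)` returns one dictionary per layer, outermost first; a frame cut short raises `Truncated` instead of reading past the captured bytes.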
Ethereal - Features
- Data can be captured "off the wire" from a live network connection or read from a capture file.
- Live data can be read from Ethernet, FDDI, PPP, Token Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
- Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
- Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
- Data display can be refined using a display filter.
- Display filters can also be used to selectively highlight and color packet summary information.
- Hundreds of protocols can be dissected.
- And more...
Ethereal - Security
Because of its questionable security record and developers' doubts about better future development, OpenBSD removed Ethereal from its ports tree prior to its 3.6 release.
Adapted from the Wikipedia article "Ethereal", under the GNU Free Documentation License. Please also see http://en.wikipedia.org/wiki