%general-entities; ]> $LastChangedBy$ $Date$ ethereal-ðereal-version;.tar ethereal Ethereal The Ethereal package contains a network protocol analyzer, also known as a sniffer. This is useful for analyzing data captured off the wire from a live network connection, or data read from a capture file. Ethereal provides both a graphical and TTY-mode front-end for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers. Package Information Download (HTTP): Download (FTP): Download MD5 sum: ðereal-md5sum; Download size: ðereal-size; Estimated disk space required: ðereal-buildsize; Estimated build time: ðereal-time; Additional Downloads Additional Documentation: From this page you can download many different docs in a variety of formats. Ethereal dependencies Required or (to build the TTY-mode front-end only) Recommended (required to capture data) Optional , or (to build the GUI front-end), , or , , , GnuTLS (which needs libgpg-error then libgcrypt), Net-SNMP, adns, and Lua User Notes: The kernel must have the Packet protocol enabled for Ethereal to capture live packets from the network. Enable the Packet protocol by choosing Y in the Networking – Packet socket configuration parameter. Alternatively, build the af_packet.ko module by choosing M in this parameter. Capturing network packets Install Ethereal by running the following commands: ./configure --prefix=/usr \ --sysconfdir=/etc \ --enable-threads && make This package does not come with a test suite. Now, as the root user: make install && install -v -m644 FAQ README{,.linux} doc/README.* doc/*.{pod,txt} \ /usr/share/ethereal && install -v -m644 -D ethereal.desktop \ /usr/share/applications/ethereal.desktop && install -v -m644 -D image/elogo3d48x48.png \ /usr/share/pixmaps/ethereal.png && install -v -m755 -d /usr/share/pixmaps/ethereal && install -v -m644 image/*.{png,ico,xpm,bmp} \ /usr/share/pixmaps/ethereal If you downloaded any of the documentation files from the page listed in the 'Additional Downloads', install them by issuing the following commands as the root user: install -v -m755 -d /usr/share/doc/ethereal-ðereal-version; && install -v -m644 <Downloaded_Files> /usr/share/doc/ethereal-ðereal-version; --enable-threads: This parameter enables the use of threads in ethereal. --with-ssl: This parameter enables the use of the OpenSSL libcrypto library. /etc/ethereal.conf and ~/.ethereal/preferences ~/.ethereal/preferences /etc/ethereal.conf Though the default configuration parameters are very sane, reference the configuration section of the Ethereal User's Guide for configuration information. Most of Ethereal's configuration can be accomplished using the menu options of the ethereal graphical interface. If you want to look at packets, make sure you don't filter them out with . If you want to exclude certain classes of packets, it is more efficient to do it with iptables than Ethereal. Installed Programs Installed Libraries Installed Directories capinfos, dftest, editcap, ethereal, idl2eth, mergecap, randpkt, tethereal and text2pcap libethereal.so, libwiretap.so and numerous dissector plugin modules /usr/lib/ethereal, /usr/share/ethereal and /usr/share/pixmaps/ethereal Short Descriptions capinfos reads a saved capture file and returns any or all of several statistics about that file. It is able to detect and read any capture supported by the Ethereal package. capinfos dftest is a display-filter-compiler test program. dftest editcap edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Ethereal and other tools that write captures in that format. editcap ethereal is a GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file. ethereal idl2eth takes a user specified CORBA IDL file and generates C source code that can be used to create an Ethereal plugin. idl2eth mergecap combines multiple saved capture files into a single output file. mergecap randpkt creates random-packet capture files. randpkt tethereal is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file. tethereal text2pcap reads in an ASCII hex dump and writes the data described into a libpcap-style capture file. text2pcap libethereal.so contains functions used by the Ethereal programs to perform filtering and packet capturing. libethereal.so libwiretap.so is a library being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. For more information, see the README file in the source wiretap directory. libwiretap.so