Manuals / Lucent Technologies / Computer Equipment / Network Card

Lucent Technologies Ethereal manual Capturing Live Network Data

Models: Ethereal

1 199

Download 199 pages 450 b

Page 90

Capturing Live Network Data

76

Image 90

Lucent Technologies Ethereal manual Capturing Live Network Data

Contents

Ethereal Users Guide V2.0.2 16376 for EtherealEthereal Users Guide V2.0.2 16376 for Ethereal Page Table of Contents Page Page Page Preface ForewordWho should read this document? Acknowledgements About this document Where to get the latest copy of this document? Providing feedback about this document Preface Xiv Introduction What is Ethereal?Features Some intended purposesExport files for many other capture programs Many protocol decodersOpen Source Software What Ethereal is not Platforms Ethereal runs on UnixLinux Microsoft Windows Where to get Ethereal? Rose by any other name Brief history of Ethereal Development and maintenance of Ethereal Website Wiki Reporting problems and getting helpFAQ Mailing ListsReporting Problems Reporting Crashes on UNIX/Linux platformsReporting Crashes on Windows platforms Introduction Building and Installing Ethereal IntroductionObtaining the source and binary distributions Download all required filesBefore you build Ethereal under Unix Example 2.1. Building GTK+ from sourceExample 2.2. Building and installing libpcap Example 2.5. Installing debs under Debian Building Ethereal from source under UnixPage Installing the binaries under Unix Installing from rpms under RedHat and alikeInstalling from debs under Debian Troubleshooting during the install on Unix Building from source under Windows Installing Ethereal under Windows Install EtherealInstall WinPcap Update Ethereal Update WinPcapUninstall Ethereal Uninstall WinPcap Building and Installing Ethereal User Interface Start Ethereal Main window Main windowUser Interface Current program state and the captured data Menu Open Recent File menuMenu Item Accelerator Description Open MergeFile Set List Menu Item Accelerator Description SaveSave As FilesExport Selec Menu Item Accelerator Description ExportPdml file Ted Packet BytesEdit menu User Interface Marking packets for detailsView menu View Menu View menu itemsPrevious Packet are mutually exclusive Fields Time of Day, Date and Time of DaySeconds Since Beginning of Capture and Seconds Since BeginningNormal Size Menu Item Accelerator Description ZoomZoom Out Resize AllGo menu Menu Item Accelerator Description Last Packet Capture menu Saving filters Analyze menu Analyze Menu Analyze menu itemsFollow TCPStatistics menu Statistics menu itemsTypes 225Message VoIP CallsHelp menu 10. The Help Menu Help menu itemsPage Main toolbar 11. The Main toolbar Main toolbar itemsFirst Go BackGo Forward Packet Go To Last PackTion 9.3, Packet colorization Filter toolbar 12. The Filter toolbarPacket List pane 13. The Packet List panePacket Details pane 14. The Packet Details panePacket Bytes pane 15. The Packet Bytes paneStatusbar 17. The initial StatusbarUser Interface Capturing Live Network Data Prerequisites Start Capturing Capture Options dialog boxCapture Interfaces dialog box Packets/sPrepare Capture Options dialog box Capture frameInterface Buffer size n megabytes IP addressLink-layer header type Capture packets in promiscuousCapture Files frame Stop Capture... frameName Resolution frame Display Options frameButtons Capture file mode selected by capture options Capture files and file modesMultiple files, continuous Multiple files, ring bufferLink-layer header type Srcdst host host Filtering while capturingExample 4.2. Capturing all telnet traffic not from Ether srcdst host ehostMasklen len Gateway host hostSrcdst net net mask Tcpudp srcdst port portWhile a Capture is running Stop the running captureUsing the toolbar item Restart a running captureCapturing Live Network Data File Input / Output and Printing Open capture files Open Capture File dialog boxInput File Formats Page Saving captured packets Save Capture File As dialog boxTip Output File Formats Merging capture files Merge with Capture File dialog boxPage File Sets List Files dialog boxExporting data Export as Plain Text File dialog boxExport as PostScript File dialog box Export as CSV Comma Seperated Values File dialog box Export as Psml File dialog boxExport as Pdml File dialog box Export as Psml File dialog boxExport selected packet bytes dialog box Export Selected Packet Bytes dialog boxPage Printing packets Print dialog boxPrinter Lpr -Pmypostscript Packet Range frame 10. The Packet Range framePacket Format frame 11. The Packet Format frameFile Input / Output and Printing Working with captured packets Viewing packets you have capturedFunction overview of the pop-up menus New Window Resolve name Lis Byt Menu Description TailDecode As CopyMark Packet toggle Follow TCP StreamFilter Field Reference Protocol PropertiesGo to Corresponding Packet Export Selected Packet Bytes Filtering packets while viewing Filtering on the TCP protocolPage Comparing values Building display filter expressionsDisplay filter fields Display Filter comparison operatorsCombining expressions Display Filter Field TypesDisplay Filter Logical Operations Common mistake Filter Expression dialog box Filter Expression dialog boxPredefined values CancelValue RangeDefining and saving filters Capture Filters and Display Filters dialog boxesFilter NewDelete Filter nameDisplay filter Finding packetsFind Packet dialog box Hex ValueFind Next command Find Previous commandDown Go to a specific packet Marking packets Time display formats and time references Packet time referencingPage Working with captured packets 119 Advanced Features Following TCP streams Follow TCP stream dialog boxPage Packet Reassembling What is it?Reassembling is disabled by default How Ethereal handles itName Resolution Ethernet name resolution MAC layerIP name resolution network layer IPX name resolution network layer TCP/UDP port name resolution transport layerAdvanced Features 126 Statistics Summary window Summary windowPage Protocol Hierarchy window Protocol Hierarchy windowPage What is an Endpoint? EndpointsEndpoints window Protocol specific Endpoint List windows Conversations window What is a Conversation?Conversations Protocol specific Conversation List windowsIO Graphs window GraphsAxis Page Service Response Time Service Response Time DCE-RPC windowFibre Channel 225 RAS DCE-RPC Statistic for ... window Protocol specific statistics windows Statistics 140 Customizing Ethereal Duration ue Start Ethereal from the command lineExample 9.1. Help information available from Ethereal Filesize ueCapture buffer size Win32 DurationueFilesizeue OnlyName resolving flags Preference/recent settingsFont Ethereal -o mgcp.displaydissecttreeTRUECapture link type Time stamp formatSavefile Statistics-stringPacket colorization Coloring Rules dialog boxChoose color dialog box Using color filters with Ethereal Enabled Protocols dialog box Control Protocol dissectionPage User Specified Decodes Decode As dialog boxShow User Specified Decodes Decode As Show dialog boxPreferences Preferences dialog boxCustomizing Ethereal 154 Customizing Ethereal 155 Appendix A. Configuration and other Files and Folders Table A.1. Configuration files and folders overviewWindows folders Preferences/ethereal.confDisabledprotos Configuration files and folders overview. If an address isWindows folders Windows profilesPlugins folder Windows temporary folder 98/ME with enabled user proWindows NT/2000/XP roaming profiles 95/98/MEConfiguration and other Files Folders 161 Appendix B. Protocols and Protocol Fields Appendix C. Related command line tools Tcpdump Capturing with tcpdump for viewing with Ethereal Tethereal Terminal-based Ethereal Capinfos Print information about capture files Example C.1. Help information available from capinfosEditcap Edit capture files Example C.2. Help information available from editcapRelated command line tools Capture type Time adjustmentEncap type SnaplenMergecap Merging multiple capture files into one Example C.3. Help information available from mergecap171 Example C.4. Simple example of using mergecap Text2pcap Converting Ascii hexdumps to network captures Example C.5. Help information available for text2pcapFilename HexoctL3pid Srcport destportPrerequisites to using idl2eth Why do this?How to use idl2eth Idl2eth Creating dissectors from Corba IDL filesTodo Limitations Related command line tools 179 Appendix D. This Documents License GPL GNU General Public License181 182 183 184 185