Using Ethereal

Sarah Johnson
Ned Leahy
May 2nd, 2006
Ethereal – Basic Functions

Ethereal is an open source ‘packet sniffer’

Packet sniffers, or network analyzers, are programs or hardware
components that capture the packets traversing a computer
network.

The analyzer must be attached to a hub, or to a switch, in order to
gain access to packets addressed to other recipients.
Some switches have special ports, called mirror ports, designed
specifically for this. Ethereal, in its standard form, is limited to
the network it resides in.

Ethereal has the ability to record, analyze, and filter a large
number of standard protocols used over Ethernet and other
network types.
Ethereal – Basic Setup

Ethereal is free to download

Open source authoring provides multiple operating system
support, and source code for custom installations/uses.

System setup is in the form of a wizard - no prior network
administration experience is needed to get up and running.

Once the program is installed on the local computer, that
computer must be attached to a hub or a switch in order
to capture the local network activity.
Ethereal – Sample Architecture
[Diagram: Internet, Router, Ethernet, Hub; lab hosts attached to the hub: Lab 11 - FreeBSD, Lab 12, Lab 13, Lab 14 - Ethereal, Lab 15 - VNC Server]
Ethereal – Standard Uses

Ethereal is often used by network administrators to perform ad-hoc
checks and to audit network usage

Focusing on all inbound packets, administrators can see who is
connecting to their network (which IPs) and what they are looking at
or uploading (packet type/contents).
- By distinguishing legitimate from illicit activity with Ethereal, an
administrator can then set firewall permissions accordingly.

Ethereal can be used privately

There are documented cases where everyday people have used
Ethereal to their advantage
- One article describes how a user logged all traffic on his home PC and
was able to surmise that his live-in girlfriend was cheating on him by
using the same PC to contact her other ‘friend’.
Ethereal – Data Filtering/Categorization

Ethereal users can use two different filter types.

Capture filters - applied to data as it is captured
- Limits the total information consumed by

Display filters - applied to data at the GUI only
- Nondiscriminatory data collection
- Captures all events local to the Ethereal connection

Ethereal categorizes according to packet/protocol type

Colors help identify packet type quickly
- Aids in quickly identifying unwanted network activity
Ethereal - Demo
- Telnet Logon – Unsecured Data Capture
- SSH Logon – Encrypted Data Capture
- AIM Chat – Unsecured Data Capture
- Google Search – Unsecured Data Capture
- VNC Traffic – Very Large Packet Volume
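An added example, not part of the slides, that ties the filtering slide to the demo list: a small pure-Python sniffer model decodes constructed Ethernet/IPv4/TCP frames, applies a capture filter on raw bytes (frames that fail it are never stored) versus a display filter on decoded rows (everything is stored, only the view changes), and summarizes each row so that the Telnet logon is readable while the SSH session shows only ciphertext. The frame builder, port map, addresses and payloads are all constructed for the example.

```python
import socket
import struct

# Well-known ports for the scenarios the slides demo (Telnet, SSH, HTTP, VNC).
PORT_NAMES = {23: "TELNET", 22: "SSH", 80: "HTTP", 5900: "VNC"}

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame, checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zero MACs + EtherType IPv4

def parse_frame(frame):
    """Decode what a sniffer row shows: endpoints, protocol guessed by port, payload."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None  # this example only decodes IPv4/TCP
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    proto = PORT_NAMES.get(dport) or PORT_NAMES.get(sport, "TCP")
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport, "proto": proto,
            "payload": tcp[(tcp[12] >> 4) * 4:]}
def tcp_port_in_raw(frame, port):
    """Capture-filter predicate on raw bytes, like BPF 'tcp port N': no full decode."""
    off = 14 + (frame[14] & 0x0F) * 4
    return frame[23] == 6 and port in struct.unpack("!HH", frame[off:off + 4])
def capture(frames, capture_filter=None):
    """Capture stage: frames failing the capture filter are discarded, never stored."""
    kept = (parse_frame(f) for f in frames if capture_filter is None or capture_filter(f))
    return [p for p in kept if p is not None]
def display(packets, display_filter):
    """Display stage: the whole capture stays stored; the filter only selects rows shown."""
    return [p for p in packets if display_filter(p)]

def summarize(pkt):
    """One row per packet: cleartext protocols expose their payload, SSH does not."""
    text = ("<encrypted, %d bytes>" % len(pkt["payload"]) if pkt["proto"] == "SSH"
            else pkt["payload"].decode("ascii", "replace").strip().replace("\r\n", " | "))
    return "%s %s:%d -> %s:%d  %s" % (pkt["proto"], pkt["src"], pkt["sport"],
                                       pkt["dst"], pkt["dport"], text)

# Constructed traffic mirroring the demo: Telnet logon, SSH session, web search, VNC.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.14", 1025, 23, b"login: alice\r\npassword: hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.11", 1026, 22, bytes(range(16))),
    build_frame("10.0.0.5", "10.0.0.9", 1027, 80, b"GET /search?q=ethereal HTTP/1.0\r\n"),
    build_frame("10.0.0.5", "10.0.0.15", 1028, 5900, b"RFB 003.008\n"),
]
```

Running `capture(SAMPLE_FRAMES, lambda f: tcp_port_in_raw(f, 23))` keeps only the Telnet row, whereas `display(capture(SAMPLE_FRAMES), lambda p: p["proto"] != "VNC")` hides the VNC row but leaves the full capture available for later inspection.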
