APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

2005/02/18 Ethereal

Ethereal is an open source network protocol analyzer. It can analyze live data or files from an amazing number of other applications (tcpdump, snoop, Cisco iplog etc.).

The list of protocols it groks just goes on and on - 658 when I just checked now. Runs on Linux, Unix and Windows.

One (of many) interesting features is the ability to reconstruct a tcp session in the order the application would have seen it (network bytes don't necessarily arrive in order; it's up to higher levels of the tcp stack to reconstruct them). It can also do helpful resolution translations for you: mac addresses to ip addresses, mac to manufacturer, ip addresses to dns, port numbers to names.

Free, extensible, powerful.
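The reordering described above, as an added example (not part of the original post and not Ethereal's own code): a small Python reassembler that places captured segments by sequence number, discards retransmitted bytes, and records holes in the capture. The function name, sequence numbers and sample segments are constructed for illustration, and it assumes one direction of one connection with a stream shorter than 2 GiB.

```python
"""Rebuild the byte stream an application saw from captured TCP segments."""

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def reassemble(isn, segments):
    """Return (stream, gaps) for one direction of a TCP connection.

    isn      -- initial sequence number from the SYN; first data byte is isn + 1
    segments -- iterable of (seq, payload) in capture (arrival) order
    gaps     -- list of (offset, length) ranges that never appeared in the capture
    """
    first = (isn + 1) % SEQ_MOD
    chunks = []
    for seq, data in segments:
        offset = (seq - first) % SEQ_MOD  # undo wraparound: offset from first byte
        # An offset in the upper half of the space lies before the stream start
        # (for example a keep-alive probe); empty payloads carry no stream bytes.
        if data and offset < SEQ_MOD // 2:
            chunks.append((offset, data))
    stream, gaps = bytearray(), []
    for offset, data in sorted(chunks):
        if offset > len(stream):
            # Hole: segment lost or not captured. Record it and zero-fill so
            # later bytes keep their true offsets.
            gaps.append((len(stream), offset - len(stream)))
            stream.extend(b"\x00" * (offset - len(stream)))
        # Retransmission or overlap: keep bytes already placed, append the rest.
        stream.extend(data[len(stream) - offset:])
    return bytes(stream), gaps


# Constructed sample: three segments of one request, captured out of order with
# a retransmission, and with sequence numbers that wrap past 2**32.
ISN = 0xFFFFFFF0
CAPTURED = [
    (0x00000001, b"HTTP/1.0\r\n\r\n"),  # third segment arrives first
    (0xFFFFFFF1, b"GET /ind"),
    (0xFFFFFFF1, b"GET /ind"),          # retransmitted copy
    (0xFFFFFFF9, b"ex.html "),
]

if __name__ == "__main__":
    data, holes = reassemble(ISN, CAPTURED)
    print(data, holes)
```

A non-empty gap list means the rebuilt stream is incomplete at those offsets, which matters when the output is used as evidence or fed to a parser.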





1 comment




© Tony Lawrence







Sat Feb 19 01:34:35 2005: 42   BigDumbDinosaur


"One (of many) interesting features is the ability to reconstruct a tcp session in the order the application would have seen it (network bytes don't necessarily arrive in order; it's up to higher levels of the tcp stack to reconstruct them)."



Slight clarification: the packets don't necessarily arrive in the order transmitted. Within any given packet, the bytes will be in proper order. Otherwise, the packet CRC will be invalid.
