If you've ever been a network administrator, the call you dread the most might be the one you receive in the middle of the night from a panicked employee stating that a portion of your critical network has gone down. What troubleshooting options are available to provide answers to your network problem? Besides having a proactive helpdesk that can "read" the mind of your network, an important part of troubleshooting involves using a network protocol analyzer. If you've done your research, you realize that there are many choices on the market today that may satisfy your needs but make a dent in your company's pocketbook. Plus, you have to factor in training your helpdesk on how to use this new tool and whether it will provide some type of return on investment (ROI).
After conducting thorough research of tools to analyze and troubleshoot a network, we decided to use Ethereal. Other products such as Sniffer® Portable by Network General and Observer® by Network Instruments provided more options but were only available in "demo" versions and didn't provide full functionality. Since we wanted to use tcpdump as one of the tools in our network troubleshooting arsenal, it made sense to run Ethereal since it supports the same capture-filter syntax.
So, what is Ethereal?
Ethereal is a network analyzer. It has the ability to read packets from a network, decode them, and then display the results in a very intuitive GUI. According to the book Ethereal Packet Sniffing, "the most important aspects of Ethereal are as follows: that it is open source, actively maintained, and free". Our research also showed that Ethereal supports tcpdump-format capture filters, supports over 700 protocols (new ones are added on a regular basis), and can capture data from Ethernet, Token Ring, 802.11 wireless, etc. For anyone interested in a command-line interface (CLI) to Ethereal, you're in luck: there is a CLI version called tethereal.
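Under the hood, Ethereal reads and writes the libpcap capture-file format that tcpdump uses, so "reading packets and deciphering them" starts with walking that file. As an added example (not Ethereal's own code), the Python decoder below parses a capture constructed inline (one Ethernet/IPv4/ICMP frame with placeholder addresses) and pulls out the fields an administrator looks at first, refusing a truncated record instead of misdecoding it.

```python
"""Minimal libpcap (tcpdump-format) decoder: global header, per-record
header, Ethernet and IPv4 fields. The sample capture is constructed here
and is not a real network trace."""
import struct

PCAP_MAGIC = 0xA1B2C3D4   # little-endian magic written by libpcap
DLT_EN10MB = 1            # link type: Ethernet
ETHERTYPE_IPV4 = 0x0800


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def decode_ethernet(ts: float, frame: bytes) -> dict:
    """Decode the Ethernet header and, for IPv4, the fixed IP header fields."""
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    info = {"ts": ts, "src_mac": mac(src), "dst_mac": mac(dst), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= 34:     # 14 Ethernet + 20 IPv4
        ip = frame[14:]
        info["proto"] = ip[9]                                 # 1 = ICMP, 6 = TCP, 17 = UDP
        info["ip_src"] = ".".join(str(x) for x in ip[12:16])
        info["ip_dst"] = ".".join(str(x) for x in ip[16:20])
    return info


def parse_pcap(data: bytes) -> list:
    """Return one decoded dict per record; raise ValueError on a damaged file."""
    magic, _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    if linktype != DLT_EN10MB:
        raise ValueError(f"unsupported link type {linktype}")
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:        # capture cut short: do not decode partial bytes
            raise ValueError("truncated record")
        off += incl_len
        packets.append(decode_ethernet(ts_sec + ts_usec / 1e6, frame))
    return packets


def build_sample_capture() -> bytes:
    """Constructed sample: one ICMP echo request 192.0.2.10 -> 192.0.2.1 (checksums left zero)."""
    eth = bytes.fromhex("00115566aabb") + bytes.fromhex("0011223344aa") + b"\x08\x00"
    ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 28, 1, 0, 64, 1, 0) + bytes([192, 0, 2, 10, 192, 0, 2, 1])
    frame = eth + ip + bytes([8, 0, 0, 0, 0, 1, 0, 1])
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    return header + struct.pack("<IIII", 1_100_000_000, 500_000, len(frame), len(frame)) + frame
```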
History of Ethereal