Packet Sniffing and Ethereal

To understand the protocols that we are learning in class (e.g., HTTP, DNS, TCP, UDP, IP, ARP), it helps to actually view examples of various protocol packets being exchanged between your system and the outside. One of the best ways of doing this is by using a packet sniffer. As its name suggests, a packet sniffer searches (sniffs) for packets being sent to/from your computer. Unfortunately, due to security considerations, we are not able to install packet sniffers on the lab machines. What we will do instead is have a few labs that take data dumped from a packet sniffer and use the snoop command to view that data.

To see more examples of protocols in action at a much more detailed level (and to be able to see the traces of your commands), we highly recommend that you install the Ethereal packet sniffer (available for download here) on your own personal machine and play with it.

For a more structured introduction to the use of Ethereal, we recommend the following set of labs (associated with the class textbook). Please note that the links to these labs will only work if you are logged onto the UST domain. You should also check out the tutorial article, A Guided Tour of Ethereal, from the Linux Journal.

Ethereal labs from Kurose and Ross

 

Last updated by M.J. Golin  02/28/2005 06:34:37 PM