Using the Ethereal Network Analyzer
Hi,
My name is Joe Warner and I'm an Operations Technical Analyst with Shared Medical Systems http://www.smed.com/ . Technically, we are now a subsidiary of Siemens http://www.siemens.com ; the merger became official around the first part of July http://www.smed.com/news/press/07-06.htm
I got started working in the computer/technology field in 1996 when I was working in the technology department for one of Holiday Inn's larger call centers, located in Salt Lake City, Utah. They are now owned by BASS Hotels and Resorts http://www.bass.com/win_frames.htm
I started work in the department there as an entry level technician, working primarily on Macintosh computers and assisting the network administrator with duties involving the network and Novell file servers. I eventually ended up being tasked with the email administration for the call center, running Microsoft Mail 3.5. I did most of the administration from a PowerMac 6100 "pizza box" with a DOS card.
After Holiday Inn, I started work Feb. 9, 1996 at SMS as a PC Specialist and gradually moved on to AS/400 administration, since our field office http://www.smed.com/solutions/products/medseries.htm uses AS/400s to write medical software that it sells to hospitals worldwide.
Shortly after I started working for SMS in 1996, a coworker introduced me to Linux and I was fascinated. I spent the next few years experimenting with different flavors of Linux (mostly Caldera and Red Hat). During this time, I decided it would be good to become more involved with the Linux/Open Source Community and joined a local user group called The Salt Lake Linux Users Group (SLLUG) http://www.sllug.org/ that meets every third Wednesday of the month at the INSCC Engineering Building auditorium on the University of Utah campus. It was at one of these meetings that I was introduced to the FreeBSD operating system. Wes Peters http://www.xmission.com/~softweyr/wes/home.html from Softweyr, LLC http://www.xmission.com/~softweyr/ presented a slideshow and demonstration of FreeBSD. He really did an excellent job of covering the history of the different BSDs and also explaining the similarities and differences of FreeBSD and Linux. He also came with a box full of shrink wrapped copies of the FreeBSD 3.4 cdrom set that he tossed into the audience! I'm so glad I was paying attention that night and caught one! I've been hooked ever since! 8^)
I've been using FreeBSD 3.4 for about 6 months now and am continually amazed at the power and capability of
this unique and diverse operating system.
Since our shop is mostly IBM/Microsoft, I wanted to find ways that a PC running FreeBSD might be a useful and cost effective addition to our network and current inventory of resources. In doing so, I have successfully implemented the use of an Apache web server http://www.apache.org/ as the server and platform of choice for a proposed intranet. I also have a fully functioning FTP server and Samba server http://us4.samba.org/samba/samba.html in place. After this, I read comments/articles from people talking about using the Ethereal Network Analyzer http://ethereal.zing.org/ and decided this might be a useful utility to have. Quoting from "man ethereal": "Ethereal is a GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file. Ethereal knows how to read libpcap capture files, including those of tcpdump. In addition, Ethereal can read capture files from Snoop (including Shomiti), LanAlyzer, uncompressed Sniffer, Microsoft's Network Monitor, AIX's IPtrace, NetXray, Sniffer Pro and Radcom's WAN/LAN analyzer." For more information, please read "man ethereal".
After installing Ethereal from /usr/ports/net/ethereal , I su'd over to root, launched it and had it start collecting data from our LAN by choosing "Capture" and "Start" from the upper
menu bar. While watching the data being collected in the top window, I was able to immediately see that there was a problem with one of our AS/400 Domino servers. The server was transmitting a larger than usual
number of packets, indicating there might be a problem. I immediately reported this information to our Lotus Notes administrator, asking him if he knew of a problem with the server. He said he wasn't aware of
one and at the same moment, one of our users came into his office, reporting that they were unable to login to the server. Later, it was determined that there was a problem with TCP/IP on the server and
stopping and starting TCP/IP resolved the problem.
Later, I told one of my managers about Ethereal and how I was able to successfully identify a problem on our network with it. He was very interested and said he thought this might be a very useful utility to have in place. I preached the FreeBSD gospel to him, summarizing everything I had been able to accomplish to date. He seemed very impressed and recommended I learn as much as possible about Ethereal and its many uses.
After this, I put my FreeBSD system and Ethereal to use again. Recently, we had some users experiencing big delays when trying to install a piece of software on our corporate WAN while dialed in with a 56k connection from home. We had one of the users bring their PC in and we put a NIC card in it to install the software from our LAN. The install process took less time, since our connection to corporate's LAN was at least 512k, but it was still a little slow. The manager I had initially introduced FreeBSD and Ethereal to requested that I run a trace on this machine's IP address during the whole install process. This was accomplished by logging in as root, launching Ethereal and creating a filter so that Ethereal would only collect data from a specific IP address. To do this, I chose "Edit" and then "Preferences" from the upper menu bar. I then selected the "Filters" tab, typed in a name for the filter in the "Filter name" box and a command string (net 10.1.16.22) that Ethereal would recognize and run in the "Filter String" box. Then, I clicked on "save" + "ok". To collect data with the filter I created, I selected "Capture" from the upper menu, selected "start" and chose the filter I had created by clicking on the "filter" button. I also selected "Update packets in real time" so I could see the data in the top window as it was being collected, and selected "ok".
Some of the things we wanted to find out by running this trace were total data transfer and total time for the entire installation process. I ran a successful trace and came up with a lot of useful information like total number of packets, total packet length, packet protocol and total time. All this information was readily displayed in Ethereal's top window. With this information, we were able to determine that the install, while dialed into our LAN remotely, would take too long and as a result, it was decided to put the software on CD and make it available to our users for checkout.
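The two things the article reads off Ethereal's top window, a host that is sending far more packets than its neighbours (the Domino server) and the totals for one filtered address (packets, bytes, protocols, elapsed time), can also be computed directly from a libpcap capture file, the format the man page above says Ethereal and tcpdump both write. The script below is an added example and is not code from the article or from the Ethereal project: it builds a small capture in memory (so it runs offline; every address except 10.1.16.22, which appears in the article, is made up), parses the pcap global header, record headers and Ethernet/IPv4 headers by hand, applies the same "only this host" restriction the article's capture filter imposed, and flags any source that sends more than three times the mean packet count. Ethernet frames with a non-IPv4 ethertype are skipped rather than rejected, so an ARP frame in a real capture does not stop the run.

```python
"""Minimal libpcap reader: per-host traffic totals and a simple top-talker check.
Added example, not part of the original article. The sample capture is constructed."""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_pcap(frames):
    """Serialize (timestamp_seconds, raw_frame) pairs into a pcap file image."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def ipv4_frame(src, dst, proto, payload_len):
    """Ethernet + IPv4 header with a zero payload (constructed test data, checksum unset)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    eth_hdr = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
               + struct.pack("!H", ETHERTYPE_IPV4))
    return eth_hdr + ip_hdr + b"\x00" * payload_len


def iter_packets(data):
    """Yield (timestamp, src_ip, dst_ip, proto_name, orig_len) for each IPv4 record."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24                                     # global header is 24 bytes
    while off + 16 <= len(data):
        sec, usec, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        # skip anything that is not a complete Ethernet/IPv4 header (ARP, truncated frames)
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        proto = frame[23]                        # IPv4 protocol field (IP offset 9)
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        yield sec + usec / 1_000_000, src, dst, IP_PROTO_NAMES.get(proto, str(proto)), orig_len


def summarize(data, host=None):
    """Totals for the capture; `host` mimics a capture filter on one address."""
    pkts = [p for p in iter_packets(data) if host is None or host in (p[1], p[2])]
    if not pkts:
        return {"packets": 0, "bytes": 0, "seconds": 0.0, "protocols": {}, "talkers": {}}
    return {
        "packets": len(pkts),
        "bytes": sum(p[4] for p in pkts),
        "seconds": round(pkts[-1][0] - pkts[0][0], 6),
        "protocols": dict(Counter(p[3] for p in pkts)),
        "talkers": dict(Counter(p[1] for p in pkts)),
    }


def top_talkers(data, ratio=3.0):
    """Source hosts that sent more than `ratio` times the mean per-host packet count."""
    counts = summarize(data)["talkers"]
    mean = sum(counts.values()) / len(counts)
    return sorted(h for h, n in counts.items() if n > ratio * mean)


def sample_capture():
    """Constructed capture: three quiet hosts and one server flooding 10.1.16.22 with TCP."""
    t = 1000.0
    frames = [(t + i * 0.01, ipv4_frame("10.1.16.50", "10.1.16.22", 6, 100)) for i in range(30)]
    frames.append((t + 0.5, ipv4_frame("10.1.16.22", "10.1.16.50", 6, 60)))
    frames.append((t + 0.6, ipv4_frame("10.1.16.7", "10.1.16.8", 17, 40)))
    frames.append((t + 1.0, ipv4_frame("10.1.16.9", "10.1.16.7", 1, 20)))
    return build_pcap(frames)


if __name__ == "__main__":
    cap = sample_capture()
    print("whole LAN:", summarize(cap))
    print("only 10.1.16.22:", summarize(cap, host="10.1.16.22"))
    print("hosts sending far more than the rest:", top_talkers(cap))
```

To run it against a real file, replace `sample_capture()` with `open("trace.pcap", "rb").read()`; the reader handles the classic little-endian pcap layout only, so a capture written big-endian or in pcapng needs converting first. The three-times-the-mean rule is a deliberately simple stand-in for the "larger than usual" judgement the article made by eye; on a production LAN you would compare against a baseline taken when the server was known to be healthy.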
FreeBSD, along with useful utilities like the Ethereal Network Analyzer, has successfully demonstrated what a stable, powerful and cost effective OS it truly is, and it is becoming more of an asset and an integral part of our current network that we can draw upon each day.
I highly encourage anyone with BSD running on a LAN at work or home to give Ethereal a try. I'm certain you will be glad you did! For more information on Ethereal, please read an
excellent article written by Dru Lavigne at http://www.oreillynet.com/pub/a/bsd/2000/08/16/FreeBSD_Basics.html and also be sure
to check out all the information at http://ethereal.zing.org/
Cheers
Joe