The interface option must be set to the NIC currently installed and in operation. Note
that in the example there are four options available. This list is from Ethereal as it appears
when installed in Windows XP. For this operating system, the list contains the NIC by
MAC address. Other versions of Windows create a list by pseudo-names (for example,
cw10, PPPMAC, wldel48, and so on). Linux’s list, on the other hand, is by interface
name (for example, wlan0, eth0, eth1, and so on).
Next, you have the capability to adjust various aspects of how Ethereal captures
information. For example, you can set it up to filter the data and only capture HTTP
information. Or, you can capture the data and update Ethereal’s display in real time. You
can also set up the ring buffer to create numerous files in case you collect enough
packets to fill up the first file (this allows you to capture infinite amounts of data).
You can also adjust name resolution settings; disabling name resolution might speed up
processing, but it might also reduce valuable data.
NOTE
Using Ethereal will affect your normal network connection. If you place the NIC in
promiscuous mode, you could have various connection issues.
Once these settings meet your satisfaction, click the OK button to start sniffing. After
you do this, you will see a small window open up that provides you with a running tally
of the number of each type of packet collected.
NOTE
The stats window only displays the common protocols. All others are lumped
under the Other category, which will require further investigation.
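The following added example (not from the original text, and not Ethereal's own code) sketches how a running tally like the one in the stats window can be derived from raw Ethernet frames, and why the Other bucket deserves a closer look. The set of named buckets, the helper names, and the sample frames are assumptions constructed for illustration; the sketch parses IPv4 and ARP only.

```python
import struct
from collections import Counter

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
# Assumed set of "common" IP protocols that get their own counter.
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame: bytes) -> str:
    """Return the tally bucket for one raw Ethernet II frame."""
    if len(frame) < 14:                      # too short for an Ethernet header
        return "Other"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return "ARP"
    if ethertype == ETH_IPV4 and len(frame) >= 34:
        # IPv4 protocol field: byte 9 of the IP header, byte 23 of the frame
        return IP_PROTOS.get(frame[23], "Other")
    return "Other"

def tally(frames):
    """Count frames per bucket, as a capture progress window would."""
    return dict(Counter(classify(f) for f in frames))

def eth(ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet II frame (broadcast dst, dummy src)."""
    src = b"\x02\x00\x00\x00\x00\x01"
    return b"\xff" * 6 + src + struct.pack("!H", ethertype) + payload

def ipv4(proto: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

# Constructed sample traffic, not a real capture.
SAMPLE = [
    eth(ETH_IPV4, ipv4(6)),       # TCP
    eth(ETH_IPV4, ipv4(6)),       # TCP
    eth(ETH_IPV4, ipv4(17)),      # UDP
    eth(ETH_IPV4, ipv4(1)),       # ICMP
    eth(ETH_ARP, b"\x00" * 28),   # ARP
    eth(ETH_IPV4, ipv4(89)),      # OSPF: no counter of its own here -> Other
    eth(ETH_IPV4, ipv4(47)),      # GRE:  no counter of its own here -> Other
    b"\x00" * 10,                 # truncated frame -> Other
]

if __name__ == "__main__":
    for name, count in sorted(tally(SAMPLE).items()):
        print(f"{name:5} {count}")
```

Anything the classifier does not name, including malformed frames, ends up in Other, so a large Other count in the tally is a reason to inspect those packets individually.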
3.2.4.3 Ethereal’s Filter options
After you capture a significant amount of data, the next step is to filter it based on