software library that can convert the captured data into the libpcap format. This format is
the “standard” used by almost every *nix-based sniffer in circulation today. By
incorporating this aspect into WinPcap, Ethereal can create files that can be ported to
other platforms for dissection or archiving.
3.2.2.2 Installing WinPcap
To install WinPcap, follow these steps:
1. Download the file from http://winpcap.polito.it.
2. Make sure it is not already installed: Start → Settings → Control Panel → Add/Remove Programs
3. Run the WinPcap Install program.
3.2.2.3 Installing Ethereal
To install Ethereal, follow these steps:
1. Download the file from http://www.ethereal.com.
2. Ensure WinPcap is installed (Version 2.3 and up required):
3. Start → Settings → Control Panel → Add/Remove Programs
4. Run the Ethereal install program.
5. Select the components to install:
• Ethereal—Standard Ethereal program
• Tethereal—Ethereal for a TTY environment (No GUI)
• Editcap—Tool for editing/truncating captured files
• Text2Pcap—Tool for converting raw ASCII hex to libpcap format packet capture files
• Mergecap—Tool for merging several capture files into one file
6. Finish installation.
3.2.2.4 Running Ethereal
Launch Ethereal from Start → Programs → Ethereal → Ethereal. Details on using
the program are covered after the Linux section later in this chapter.
3.2.3 Installation on Linux
Linux is the preferred platform for Ethereal. This is because Linux allows programs
to interface directly with the hardware installed in the computer. However, this
increased functionality does come with its share of problems.
Because of the nature of open source software, you can never be sure what is
included in a package, or how it will work with a certain piece of software. Whereas one
program might work flawlessly right out of the box, another program might require
several additional operating system components or tweaks to existing files before it will
run. However, Ethereal is fairly stable across the various Linux platforms, as long as you
ensure that the configuration file is set up correctly.
3.2.4.1 Using Ethereal
Using Ethereal is basically the same regardless of the OS. The GUI and general