User's guide

(C) 2003 Airscanner Corp. http://www.airscanner.com
However, if you want to capture data from a wired network, Ethereal will work quite well.
3.2.2.1 Requirements
WinPcap: http://winpcap.polito.it
There is one requirement for Ethereal on Windows: WinPcap. This program, available for
free online, enables Ethereal to link right into the network card before the data is passed up to
the network software and processed by Windows. This program is required because of the way
in which Windows interacts with its hardware. To reduce system crashes, any program installed
in a Windows environment must interface with the OS software, which in turn communicates
with the hardware. This is meant to be beneficial by restricting direct access to the hardware,
which can cause software incompatibilities, ultimately resulting in system crashes.
In addition to the packet driver previously discussed, WinPcap includes another software
library that can convert the captured data into the libpcap format. This format is the “standard”
used by almost every *nix-based sniffer in circulation today. By incorporating this aspect into
WinPcap, Ethereal can create files that can be ported to other platforms for dissection or
archiving.
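The portability described above comes from the file layout itself: a reader detects the writer's byte order from the magic number in the 24-byte global header. The following Python reader is an added example, not part of the original guide or of WinPcap/Ethereal; `parse_pcap` and `build_sample` are illustrative names and the sample capture is constructed.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic, microsecond timestamps


def parse_pcap(data):
    """Return (header_dict, [(ts_sec, ts_usec, orig_len, frame_bytes), ...])."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    # The writer stores the magic in its own byte order; the reader tries both.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"byte_order": "little" if endian == "<" else "big",
              "version": (major, minor), "snaplen": snaplen,
              "linktype": linktype}
    packets, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        # incl_len comes from the file: bound it before slicing.
        if incl_len > snaplen or offset + incl_len > len(data):
            raise ValueError("bad record length at offset %d" % (offset - 16))
        packets.append((ts_sec, ts_usec, orig_len, data[offset:offset + incl_len]))
        offset += incl_len
    return header, packets


def build_sample(endian):
    """Constructed sample: one 14-byte Ethernet frame, written in `endian` order."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806")
    glob = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack(endian + "IIII", 1050000000, 250000, len(frame), len(frame))
    return glob + rec + frame


if __name__ == "__main__":
    for order in ("<", ">"):
        hdr, pkts = parse_pcap(build_sample(order))
        print(hdr, len(pkts), pkts[0][3].hex())
```

Both samples decode to the same packet list even though their bytes on disk differ, which is what lets a capture written on one platform be dissected on another.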
3.2.2.2 Installing WinPcap
To install WinPcap, follow these steps:
1. Download the file from http://winpcap.polito.it.
2. Make sure it is not already installed:
Start → Settings → Control Panel → Add/Remove Programs
3. Run the WinPcap Install program.
3.2.2.3 Installing Ethereal
To install Ethereal, follow these steps:
1. Download the file from http://www.ethereal.com.
2. Ensure WinPcap is installed (Version 2.3 and up required):
3. Start → Settings → Control Panel → Add/Remove Programs
4. Run the Ethereal install program.
5. Select the components to install:
• Ethereal—Standard Ethereal program
• Tethereal—Ethereal for a TTY environment (No GUI)
• Editcap—Tool for editing/truncating captured files
• Text2Pcap—Tool for converting raw ASCII hex to libpcap format packet capture
files
• Mergecap—Tool for merging several capture files into one file
6. Finish installation.
3.2.2.4 Running Ethereal
Launch Ethereal from Start → Programs → Ethereal → Ethereal. Details on using the
program are covered after the Linux section later in this chapter.
3.2.3 Installation on Linux
Linux is the preferred platform for Ethereal. This is because Linux allows programs to