User's guide

(C) 2003 Airscanner Corp. http://www.airscanner.com
network. To facilitate this example, we simply sent messages to our own chat client. After a few
sentences, we stop the capture and let Ethereal load the data into the packet display windows. At
this point, we have a great deal of commingled data. How can we sort through this data to find
our chat session?
We could set up a filter; however, this would still leave us with numerous packets that we
would have to piece together. Because of this, we are going to use the TCP stream-following
feature incorporated into Ethereal. This feature alone distinguishes Ethereal from the many
other capture tools available; in addition, Ethereal is free. To use it, we need to find a packet using the
AIM protocol and right-click on it. This will bring up a menu, which contains Follow TCP
Stream as the first option. We click on this, and after a few seconds (or minutes, depending on
the computer speed and the amount of data) we get a window similar to Figure 9.6. Now we
have our complete chat session available to read through. If a hacker or network administrator
were using this program while you were chatting with a friend, she too would be able to see the
entire conversation.
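What stream following does with the commingled capture can be sketched in a few lines. This is an added example, not code from Ethereal or from this guide: it groups segments by connection, orders each direction by TCP sequence number, and drops retransmitted bytes. The segment tuples, addresses, ports and chat text are constructed, and the payloads are plain text rather than real AIM framing.

```python
from collections import defaultdict

# Constructed sample capture: (src, sport, dst, dport, seq, payload).
# Addresses, ports and text are made up; two connections are mixed together.
CAPTURE = [
    ("10.0.0.5", 1042, "192.0.2.10", 5190, 1000, b"hello, "),
    ("10.0.0.5", 1050, "198.51.100.7", 80, 500, b"GET / HTTP/1.0\r\n\r\n"),
    ("10.0.0.5", 1042, "192.0.2.10", 5190, 1023, b" lunch?"),   # arrived early
    ("192.0.2.10", 5190, "10.0.0.5", 1042, 7000, b"sure, noon"),
    ("10.0.0.5", 1042, "192.0.2.10", 5190, 1007, b"are you free for"),
    ("10.0.0.5", 1042, "192.0.2.10", 5190, 1000, b"hello, "),   # retransmission
]

def conversation_key(seg):
    """Direction-independent key so both halves of a connection group together."""
    src, sport, dst, dport = seg[:4]
    return tuple(sorted([(src, sport), (dst, dport)]))

def reassemble(segments):
    """Join one direction's (seq, payload) pairs in order (no seq wraparound handling)."""
    data, next_seq = b"", None
    for seq, payload in sorted(segments):
        if next_seq is None:
            next_seq = seq
        if seq > next_seq:                      # a segment was never captured
            data += b"[%d bytes missing]" % (seq - next_seq)
            next_seq = seq
        fresh = payload[next_seq - seq:]        # skip retransmitted or overlapping bytes
        data += fresh
        next_seq += len(fresh)
    return data

def follow_tcp_stream(capture, endpoint_a, endpoint_b):
    """Return {(src, sport): bytes} for the one connection between the two endpoints."""
    wanted = tuple(sorted([endpoint_a, endpoint_b]))
    per_direction = defaultdict(list)
    for seg in capture:
        if conversation_key(seg) == wanted:
            per_direction[(seg[0], seg[1])].append((seg[4], seg[5]))
    return {sender: reassemble(segs) for sender, segs in per_direction.items()}

if __name__ == "__main__":
    stream = follow_tcp_stream(CAPTURE, ("10.0.0.5", 1042), ("192.0.2.10", 5190))
    for sender, text in stream.items():
        print(sender, text.decode())
```

Once the segments are in order, any payload sent without encryption reads as plainly as it did in the sender's chat window.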
As you can see, Ethereal has almost unlimited possibilities. It is full of features that make it
the obvious choice for both the low-budget hacker and the thrifty network administrator. This
is one program that should be part of every computer geek’s arsenal or investigative tool bag.