Preliminary Ethereal User's Guide

An Anonymous Coward writes "The prelimiary Ethereal User's Guide is up. It will be updated over the next month or so, and will be followed by a Developer's Guide. It is all done in DocBook and the source will be up at the Ethereal web site." If you haven't used ethereal, its an extremely excellent packet sniffer: play with it a little and you'll never use telnet and FTP again (unless of course you knew that already).

Re:*sigh* - use cables with Tx lines snipped

[John+Jorsett]

I agree that anyone who is knowledgeable and wants to remain undetected can probably do so. My warning wasn't addressed to the hackers/crackers out there (who, after all, don't need me to tell them about the dangers) but rather those who out of curiosity might run out and install this software on their work machine running, for example, Win98. If their network administrator suddenly notices that they're sniffing the local net, there're are going to be some questions asked. And legitimately so. There a are a number of ways, some easier to implement than others, to tell when there's a packet sniffer on your net. For a list, take a look here (scroll down to 2.5 - "How can I detect a packet sniffer?").

Ethereal == Nectar of the gods

[_underSCORE]

Thanks to Ethereal, I discovered a bug in Java's HttpURLConnection. For some reason, after I would make rapid requests to a site, the HTTP headers wouldn't be set, even though I set them in my code. My debugging messages said that I was setting them, but when I used Ethereal to sniff the packets, whoops, they were set to their default values. I called up sun, and it was given a bug ID. They plan to fix it in the 1.3 release for UNIX. I can't tell you how much time this has saved me. It truly is a triumph of open source.

Lucky me, I also run VMWare, which flips on promiscuous mode anyway, so if someone is using a sniffer detector, I can always blame VMWare.

Sniffing FAQ

[Mark+A.+Rhowe]

A great resource that I refer to alot:
Sniffing (network wiretap, sniffer) FAQ