Ethereal Packet Sniffing [With CDROM]

In Chapter 1 the book tells you to get a copy of Ethereal at www.Ethereal.com. This is correct. But be sure you spell it right, if you go to etheral you get to a rather strange looking sight with links to a lot of places that look like you just might want to be sure your virus protection is up to date. When you get to the Ethereal web site, you'll be offered a link to their documentation. You'll want to download it of course. Then the obvious question is why spend money for this book if the documentation is available free over the net. The answer is organization, layout, convenience and the fact that just having a different person explain things using a slightly different set of words and sentences sometimes makes things more clear. Look at it this way. If you're working on a network problem and reading both the on-line documentation and this book save you an hour of frustration you've more than paid the cost of the book. In addition, this book contains a great deal more information of the general or background type. For instance, I found the three pages describing the FBI's Carnivore (now DCS100) network analyzer to be quite interesting. This additional information also includes more help in understanding what the data Ethereal collects really means. If you're into the packet sniffing business, this is a book that belongs on your bookshelf.

The latest contribution of Jay Beale's Open Source Security Series, Ethereal Packet Sniffing is the first reference book to cover the "packet sniffer" security tool that has become widely used among network administrators. Individual chapters of Ethereal Packet Sniffing cover installing and using Ethereal: Network Protocol Analyzer in Unix, Linux, or Windows, filters, associated other programs that come packaged with Ethereal such as Tethereal and Editcap, integrating Ethereal with other sniffers, developing Ethereal and its design tools, and much more. An easy-to-use resource filled with screenshots, sample code, and step-by-step examples and instructions. An accompanying CD contains Ethereal itself, including installation, reference, and packet capture files, complete with a 1 year upgrade buyer protection plan, making Ethereal Packet Sniffing more than just a supplementary guide; it's computer software with a far more exhaustive starter guide than any tiny little owner's manual can offer.

I found this book to be an easy to read and follow. The book is fully dedicated to the functionailty of Ethereal. (it does not cover how protocols work etc..i mention that because this book will be popular in IDS circles) I was concerned about spending money on a book for a sniffer that i was already using and felt i already had a good handle on but i am glad i did purchase it. If you spend time going through large packet dump files the explantions on how to use the different display filters is worth the price of the book. The only complaint i would have would be the portion about "capture filters". I felt the explantion wasnt as through as i would have liked it to be but BP filters can be very diffcult to explain especially in only a few pages so its understandable. I did learn some interesting nuggets on using mergecap and using ethereal without the gui. Overall the best resource for Ethereal and worth buying.

"Ethereal Packet Sniffing" is the first book in Jay Beale's new Open Source Security Series with Syngress. It's a great book to lead the way. "Ethereal" is full of helpful tips and clear discussions that benefit newbies and wizards alike.I've been using Ethereal for around five years, and this book still taught me a few new tricks. The key to the new material is Ethereal's development, from 0.2 in July 1998 to 0.10.3 this year. (The book covers 0.10.0 which is far from being outdated.) The many improvements lend themselves to the sort of explanations found in "Ethereal." For example, my favorite material involved filters. Although chs. 4 and 5 had minor overlap regarding this feature, I learned new ways to manipulate Ethereal's packet search and display capabilities.Because the entire book focuses on a single suite of tools, it has the space to take in-depth looks at normally ignored components like stream analysis graphs. The book spends time explaining how to write filters with bitwise AND operations, and talks about 'matches' and 'contains' search functions. For programmers, the chapter on "developing Ethereal" gives clues on adding new protocol dissectors. This reminded me of a similar chapter in Syngress' book on Snort.If you want to really know how to use Ethereal, buy this book. However, it should have been called "Ethereal Packet Sniffer," not "Ethereal Packet Sniffing." The distinction lies in the book's focus; it spends most of its time explaining functions and not analyzing packets. Books on troubleshooting by Bardwell or Haugdahl have more insights to share than ch. 8 in "Ethereal." Nevertheless, I added this book to my recommended reading list for aspiring security engineers. It's worth a close read.

I am very impressed with this book and the quality of coverage. It is well written, full of examples, full of developer info. Pretty much everything you need is here, and it eliminates the need for you to go digging on web sites to find what you need. Also, one of the authors is on the EThereal product team, so you know you're getting the right stuff. There are chapters on Tethereal, installing Ethereal on Windows and UNIX. The GUI, filters, etc. Everything I looked uop was there and it's also a good book to start at page 1 and read right through.