Ethereal Packet Sniffing by Angela D. Orebaugh, Syngress Publishing Staff, Gilbert Ramirez
The only book available on the extremely popular, yet completely undocumented, Open Source security tool Ethereal. This book provides insider information on how to optimize the performance of Ethereal on enterprise networks. The book comes with a CD containing Ethereal, Tethereal, Nessus, Snort, ACID, Barnyard, and more! It shows how Ethereal compiles and runs (thanks to autoconf) on many flavors of UNIX (including Linux) and on Windows. It shows how to capture packets from a number of different types of networking devices, and how Ethereal can also read capture files taken earlier using either Ethereal or other programs such as tcpdump, snoop, and various other network analyzers.
About the Authors
Angela Orebaugh (CISSP, GCIA, GCFW, GCIH, GSEC, CCNA) has worked in information technology for 10 years. She is currently an Associate at Booz Allen Hamilton in the Washington, DC metro area. Her focus is on perimeter defense, secure architecture design, vulnerability assessments, penetration testing, and intrusion detection. Angela is an expert in many commercial and Open Source intrusion detection and analysis tools, including Ethereal, Snort, Nessus, and Nmap. She is a graduate of James Madison University with a master's in computer science, and she is currently pursuing her PhD with a concentration in information security at George Mason University. Her GCFW practical received honors recognition and was used as a case study in the book Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Network Intrusion Detection by Stephen Northcutt (ISBN: 0735712328). Angela is a researcher, writer, and speaker for the SANS Institute, where she has helped to develop and revise SANS course material and also serves as the Senior Mentor Coach for the SANS Local Mentor Program.
Gilbert Ramirez was the first contributor to Ethereal after it was announced to the public and is known for his regular updates to the product. He has contributed protocol dissectors as well as core logic to Ethereal. He is a systems engineer at a large company with network-related products, where he works on tools and software build systems. Gilbert is a family man, a want-to-be chef, and a student of tae kwon do. His degree is in linguistics, but his first love is programming computers, which he has been doing since childhood.
- Syngress Publishing
- Product dimensions: 7.10(w) x 9.22(h) x 1.20(d)
Most Helpful Customer Reviews
How anxious (paranoid?) are you about your network? Has a cracker taken over one of your machines and is using it to sniff your traffic? Or maybe to propagate worms, or emit spam, especially the phishing variety, which needs a server that cannot be directly owned by the phisher? For all these reasons, and as a prophylactic measure against them, sysadmins often use the network analysis tools that come with their operating systems, like tcpdump under Linux and UNIX and WinDump under Microsoft. But these tend to be limited in their analytic capability. A group of people wanted to improve matters. They banded together and called their product Ethereal. It is offered freely as open source, and has been tested on Linux, most UNIXes, and various Microsoft OSs. Strictly speaking, it has not been officially released, which makes this book a little curious at first glance. The book documents version 0.10.0, and has a CD with all the necessary code. The authors felt that, pragmatically, this version is stable enough and offers significantly better functionality than the alternatives. Granted, you may be trepid about installing beta code, on principle. But the authors argue persuasively that the Ethereal functionality, both in a GUI and at the command line, warrants serious consideration by any sysadmin. Another reason to install Ethereal has to do with the case where you are already using some proprietary network analyser. If you also run Ethereal, then the two analysers act as cross-checks on each other. While Ethereal may have some bugs, so too might that other product. But how might you ever know about the latter, without using Ethereal?
If you run Ethereal, you love the software but hate the fact that there's no real documentation. So this book is a real find. The first couple of chapters review the basics, and if you're already running Ethereal you can skip them, but once you get to the chapters on writing filters and integrating it with other apps, IDSs, and sniffers, you will want to read every word. The authors are all Ethereal contributors, and it's pretty clear they know their stuff. Definitely a good book.