Using Ethereal for Network Sniffing

Introduction

This document describes Ethereal, how to install it (under Windows), and how to use it to sniff network traffic.

Installation

The Ethereal web site is ethereal.com. To install Ethereal under Windows you need to install two packages. The first is WinPcap, which supplies the underlying network sniffing library. The second is Ethereal itself, which collects and interprets the network traffic it receives from the WinPcap library.

Installation Links

Capturing Traffic

When you run Ethereal, you see a top menu. Select the Capture menu item, and then the Start... sub-item. You will then be presented with a dialog box.

Find the Capture Filter or Filter field. Below are some useful expressions that can go in this field.

host 137.99.20.1                          Only show packets which are going to or coming from this IP.
host machine.uconn.edu                    Only show packets which are going to or coming from this host name.
src host machine.uconn.edu                Only show packets which are coming from this host name.
dst host machine.uconn.edu                Only show packets which are going to this host name.
port 25                                   Only show packets which are going to or coming from this port.
src port 25                               Only show packets which are coming from this port.
dst port 25                               Only show packets which are going to this port.
dst host smtp.uconn.edu and dst port 25   Only show packets which are going to port 25 on host smtp.uconn.edu.
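To show how the expressions above select packets, here is an added example (not part of Ethereal or this page) that compiles the filter forms listed, `[src|dst] host X`, `[src|dst] port N` and `and`, into a predicate and runs it over a small constructed capture; the host table stands in for DNS so it runs offline, mirroring the fact that a capture filter resolves names once, when the capture starts.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

# Constructed stand-in for DNS so the example runs offline.
HOSTS = {"machine.uconn.edu": "137.99.20.1", "smtp.uconn.edu": "137.99.20.25"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def _resolve(name: str) -> str:
    """Accept a literal IP, otherwise look the name up (once, at compile time)."""
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return HOSTS[name]  # KeyError plays the role of "unknown host"

def _primitive(tokens: list[str]) -> Callable[[Packet], bool]:
    """Compile one primitive: [src|dst] host X  or  [src|dst] port N."""
    direction = None
    if tokens[0] in ("src", "dst"):
        direction, tokens = tokens[0], tokens[1:]
    if len(tokens) != 2 or tokens[0] not in ("host", "port"):
        raise ValueError(f"unsupported primitive: {' '.join(tokens)}")
    kind, value = tokens
    if kind == "host":
        ip = _resolve(value)
        side = {"src": lambda p: p.src == ip, "dst": lambda p: p.dst == ip}
    else:
        port = int(value)
        side = {"src": lambda p: p.sport == port, "dst": lambda p: p.dport == port}
    if direction:
        return side[direction]
    return lambda p: side["src"](p) or side["dst"](p)  # either direction

def compile_filter(expr: str) -> Callable[[Packet], bool]:
    """'and' joins primitives; a packet must satisfy every one of them."""
    preds = [_primitive(part.split()) for part in expr.split(" and ")]
    return lambda p: all(pred(p) for pred in preds)

# Constructed sample capture: a mail session plus an unrelated web request.
SAMPLE = [
    Packet("10.0.0.5", "137.99.20.25", 51234, 25),
    Packet("137.99.20.25", "10.0.0.5", 25, 51234),
    Packet("10.0.0.5", "137.99.20.1", 51235, 80),
]

def count_matches(expr: str, packets=SAMPLE) -> int:
    keep = compile_filter(expr)
    return sum(1 for p in packets if keep(p))
```

Only the forms shown on this page are handled; a real capture filter also accepts `or`, `not` and parentheses.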