Network tools Ethereal and Netcat, and some network docs


For a really good networking time, try "ethereal", a superb GUI 
network packet/stream analyzer.  It understands the protocols 
of lots of different kinds of packets, and displays their 
contents for you in human-readable form.  It will collect the 
content of all the packets of a TCP/IP stream and show it to 
you in ASCII.  Extremely educational!  Ideal for figuring out, 
e.g., exactly why your mail client is not communicating with 
your ISP's POP or SMTP server, and is only giving you strange
error messages.  Ethereal is newbie-friendly!

  http://www.ethereal.com

Here's a command line for starting it with some good options
(and, if you're on a cable Internet account that floods your NIC
with ARP packets, obscuring everything else, filters those out).
If you're on a dialup modem account, change eth0 to ppp0.  You
have to be root.

  ethereal -i eth0 -k -S -t a -f 'not arp'

If ethereal is your network eyes, netcat is its complement, 
your network hands.  Netcat connects to a remote host and port 
that you specify, and whatever you shove into its stdin gets 
sent out to there, and whatever comes back comes out of its 
stdout.  In other words, it allows you to do any network 
operation you want from a shell script!  I think you can make 
it interactive by using named pipes.  

  http://www.atstake.com/research/tools/network_utilities/

Typical procedure:

You have a canned client, which accesses some kind of data from 
a network server and does something with it beyond your control.  
You want to get that data and do what you will with it.

1. Run ethereal, run the client, and examine and understand the
traffic between them.

2. Write a script using netcat that (using the data from step 1)
pretends to be the client, but captures the data and hands it 
to you.

Networking documents -- I learned what I know of networking from 
these excellent (ASCII) docs and from examining smtp, pop3, http, 
and mp3-stream operations with ethereal.  They will take you from 
zero knowledge to comfortable familiarity.

  ftp://athos.rutgers.edu/runet/tcp-ip-intro.doc
  ftp://athos.rutgers.edu/runet/tcp-ip-admin.doc

Reply mark1755 (903) 11/17/2003 1:25:38 PM
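
The two-step procedure from the post above, combined with its named-pipe idea, as an added example that is not part of the original post or of netcat itself. It assumes a POP3 exchange (USER, PASS, LIST, QUIT) was what the capture in step 1 showed; the function names are hypothetical, and the transport command (for instance nc with a host and port) is supplied by the caller.

```sh
#!/bin/sh
# Added example: POP3 "LIST" over any stdin/stdout transport, via named pipes.
# Function names are illustrative; host, port and credentials come from the caller.
CR=$(printf '\r')

# Read one reply line from the server (fd 4); succeed only on "+OK ...".
expect_ok() {
    IFS= read -r reply <&4 || return 1
    reply=${reply%"$CR"}                 # replies end in CRLF
    case $reply in "+OK"*) return 0 ;; *) return 1 ;; esac
}

# Send one command line to the server (fd 3), CRLF-terminated.
send() { printf '%s\r\n' "$1" >&3; }

# pop3_list USER PASS TRANSPORT...  prints the LIST lines ("msgno size").
pop3_list() {
    user=$1 pass=$2; shift 2
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/to" "$dir/from" || return 1
    "$@" <"$dir/to" >"$dir/from" &       # transport, e.g. nc -w 10 HOST 110
    exec 3>"$dir/to" 4<"$dir/from"       # our ends of the two pipes
    rc=0
    # Each step waits for the server's answer before sending the next command.
    expect_ok && send "USER $user" && expect_ok &&
        send "PASS $pass" && expect_ok &&
        send "LIST" && expect_ok || rc=1
    if [ "$rc" -eq 0 ]; then
        # A multi-line reply ends with a line holding a single ".".
        while IFS= read -r reply <&4; do
            reply=${reply%"$CR"}
            [ "$reply" = "." ] && break
            printf '%s\n' "$reply"
        done
        send "QUIT"; expect_ok || rc=1
    fi
    exec 3>&- 4<&-                       # close pipes so the transport exits
    wait
    rm -rf "$dir"
    return "$rc"
}
```

Called as `pop3_list USER PASS nc -w 10 HOST 110`, with USER, PASS and HOST as placeholders. POP3 on port 110 carries the password in cleartext, which is what the Ethereal capture from step 1 will show.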

begin  <m%3ub.25614$Dw6.129365@attbi_s02>,
	mark@cosmicpenguin.com (Mark S Bilk) writes:
>
> For a really good networking time, try "ethereal", a superb GUI
> network packet/stream analyzer.  It understands the protocols of
> lots of different kinds of packets, and displays their contents for
> you in human-readable form.  It will collect the content of all the
> packets of a TCP/IP stream and show it to you in ASCII.  Extremely
> educational!  Ideal for figuring out, e.g., exactly why your mail
> client is not communicating with your ISP's POP or SMTP server, and
> is only giving you strange error messages.  Ethereal is
> newbie-friendly!
> 
>   http://www.ethereal.com

Ethereal is indeed an excellent tool. Another great feature is that it
will read snoops made using tcpdump. We have a lot of Nokia firewalls
and I'm often running tcpdump on 2 or more interfaces looking for
network problems. Copying the tcpdump files to my laptop and analysing
them with ethereal is brilliant.

As with any SW, ensure you have the latest version installed. There
have been 2 or 3 security bugs found in ethereal over the past year or
so.
Reply rgc (755) 11/17/2003 6:12:00 PM

