Ethereal-users: [Ethereal-users] Help getting started w/Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Mark Holloway" <mholloway@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Feb 2003 13:55:44 -0800
Hey everyone.  I recently joined the list because I have dabbled with Ethereal and like what it has to offer. So much flexibility! :) 
 
I am a Network Engineer for a company who owns a Fluke Optiview (with Protocol Expert for opening captures).  Another company I worked for a few years back we started on a NG Dolch running DOS, and by the time I had left the company we were on Sniffer 3.5 for Windows NT.  I've had a decent amount of experience with the expensive tools and never felt the need to try anything else.  I rarely work with operating systems, so I've never had much need or desire to get into Linux, BSD, or a commercial Unix, and therefore dealt very little with the open source community - ultimately have little exposure to applications such as Ethereal.  
 
I'd like to change all of that.  I do use Windows 2000 day to day for my standard applications at work like Outlook, Visio, Office XP, and I'm not sure if I'd switch to Linux or BSD just yet, but I will most likely load it on another machine for sure.  
 
The questions I have are in regards to using Ethereal for things like finding top talkers.  When the SQL Slammer hit the company I work for, I was able to look at a view in Sniffer and list it in the order of what machines are spitting out the most packets.  It was obvious at that point what SQL servers and desktops (running MSDE) were infected.  Is there such a thing in Ethereal?  Also, is there a way to create filters to trigger alerts or emails when a match is found?  
 
There is another great program (for Windows) called Sniff'em that is inexpensive and highly customizable.  As of right now the documentation is lacking but aside from that it's useful.  I'm a little disappointed that Sniffer Pro sells for $16,000 JUST FOR THE SOFTWARE.  The Fluke I use at work can get the job done, but the Optiview is a $20,000 little yellow PC with Windows 98 and a couple NICs.  The remote console and Protocol Expert software is ugly, not very intuitive, and I would personally never spend that kind of money on such a program.  
 
These days it's hard to justify spending so much money when there truly are tools out there that work just as well or better.  A great example is that one would have to buy Sniffer Pro for $16,000 (software only) plus any hardware taps you want, and if you want Sniffer for 802.11 that is another few grand.  Sheesh!  
 
Anyway, I thank you all for reading.  I'm trying to be fair to myself and explore everything Ethereal has to offer.  It seems very powerful and I would love to use it in a pro-active manner.  Please feel free to share your thoughts, experiences, or anything else - on the list or in private email mh@xxxxxxxxxxxxxxxx or mholloway@xxxxxxxxxxxxxxxxxxx
 
Thanks! :)
 
Mark
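
The "top talkers" ranking asked about above, computed directly from a saved capture file, as an added example that is not part of the original message and is not Ethereal's own code. It assumes a classic libpcap file with Ethernet link type and untagged IPv4 frames; the function names and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic pcap magic numbers mapped to the byte order of the file's headers.
ENDIAN = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def top_talkers(pcap, n=10):
    """Rank IPv4 source addresses in a classic pcap by number of packets sent."""
    if len(pcap) < 24 or pcap[:4] not in ENDIAN:
        raise ValueError("not a classic pcap file")
    endian = ENDIAN[pcap[:4]]
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # 14-byte Ethernet header + 20-byte IPv4 header; EtherType 0x0800 only
        # (VLAN-tagged and IPv6 frames are skipped in this example).
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            counts[str(IPv4Address(frame[26:30]))] += 1
    return counts.most_common(n)

def _sample_pcap(pairs):
    """Constructed sample: one minimal Ethernet/IPv4/UDP frame per (src, dst)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in pairs:
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        udp = struct.pack(">HHHH", 40000, 9, 8, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed capture: one noisy host and two quiet ones (documentation ranges).
SAMPLE = _sample_pcap([("192.0.2.10", "198.51.100.1")] * 5
                      + [("192.0.2.20", "198.51.100.1")] * 2
                      + [("192.0.2.30", "198.51.100.1")])

if __name__ == "__main__":
    for addr, packets in top_talkers(SAMPLE):
        print(f"{addr:15} {packets}")
```

To run it on a real capture, pass the file's bytes, for example top_talkers(open(path, "rb").read()).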