Ethereal

After hearing from some friends that they found the color schemer tool useful, I thought I’d post another one that I use a lot, Ethereal. Ethereal is a tool that can record all network traffic coming in or going out of your computer. While I know that the mere thought of sorting through the many, many packets that come through your computer must just fill you with excitement, let me continue to tell you why it is cool.

I mainly use Ethereal for two purposes: checking my computer for malicious activity, and debugging in Flash. When creating applications that need to connect to a server in a reasonably complex way (like a socket connection), it is useful to do a sanity check to see what is actually being transmitted to the server.

For instance, when you use the XMLSocket object, every time you “send” a message, Flash is really just writing your data to the stream followed by a zero byte. Several sends can therefore end up inside what is actually a single TCP packet, with a zero byte after each one to delimit the messages. Also, as you start to deal with special characters, it is helpful to see exactly which bytes they show up as.

Recently I’ve been working on a personal project where the bytes being sent in the packet end up being as important as the content that is actually being transmitted. If I get a byte off, or if Flash sends a character as UTF-8 when the server needs UTF-16, then I can have some problems. Flash is a fantastic high-level language, in fact my favorite, but when you are interfacing with much lower-level solutions on the server, seeing what really goes over the wire is nice.
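To make the two points above concrete (zero-byte framing that ignores packet boundaries, and the way character encoding changes the bytes on the wire), here is an added example, not code from the original post. It takes the TCP segment payloads you would read out of a captured stream, re-joins them and splits them on the zero byte the way an XMLSocket server has to. The segments are constructed sample data; the message contents are hypothetical.

```python
"""Reassemble Flash XMLSocket messages from captured TCP payloads.

Added example, not part of the original post. Assumes the XMLSocket framing
described in the text: each send() is terminated by a single 0x00 byte, and
TCP segment boundaries do not line up with message boundaries.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed sample capture: three TCP payloads as a sniffer would show them.
# Note the first message is split across segments 1 and 2, segment 2 carries
# two complete messages plus the start of a third, and segment 3 ends with a
# message that has not been terminated yet.
SAMPLE_SEGMENTS: List[bytes] = [
    b'<login user="al',
    b'ice"/>\x00<ping/>\x00<msg>caf\xc3\xa9',   # "café" as UTF-8 (c3 a9)
    b'</msg>\x00<partial',
]


def reassemble_xmlsocket(segments: Iterable[bytes]) -> Tuple[List[bytes], bytes]:
    """Join segment payloads and split them into zero-terminated messages.

    Returns (complete_messages, leftover). `leftover` is any trailing data not
    yet followed by a zero byte, i.e. a message still in flight that a real
    server must keep buffering until the next segment arrives.
    """
    buffer = b"".join(segments)
    *messages, leftover = buffer.split(b"\x00")
    return messages, leftover


def decode_messages(messages: Iterable[bytes]) -> List[str]:
    """XMLSocket text is UTF-8 on the wire; decode strictly so a byte that is
    off shows up as an error instead of silently turning into garbage."""
    return [m.decode("utf-8") for m in messages]


def encoded_lengths(text: str) -> Dict[str, int]:
    """How many bytes the same text occupies under each encoding, the kind of
    discrepancy you spot when the server expected UTF-16 and got UTF-8."""
    return {
        "utf-8": len(text.encode("utf-8")),
        "utf-16-le": len(text.encode("utf-16-le")),
    }


def utf16_collides_with_delimiter(text: str) -> bool:
    """UTF-16 puts a 0x00 high byte in every ASCII character, which is exactly
    the XMLSocket delimiter. A zero-byte-framed channel therefore cannot carry
    raw UTF-16 text; this check flags that case."""
    return b"\x00" in text.encode("utf-16-le")


if __name__ == "__main__":
    msgs, rest = reassemble_xmlsocket(SAMPLE_SEGMENTS)
    for m in decode_messages(msgs):
        print("message:", m)
    print("still buffering:", rest)
    print("café lengths:", encoded_lengths("café"))
    print("UTF-16 hits the delimiter:", utf16_collides_with_delimiter("hi"))
```

Running it prints the three reassembled messages, shows `<partial` left in the buffer, and reports that encoding plain ASCII as UTF-16 already contains the zero byte the framing relies on.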

My favorite Ethereal features include:

Protocol filtering: There is a lot of noise on the network; let Ethereal filter out the protocols you know you never need.

Follow TCP Stream: Packets are complex. A single message can be split across multiple packets, and when you add in the back-and-forth communication with the server it can be hard to follow the “conversation”. This feature allows you to find one relevant packet, and Ethereal reconstructs the whole back-and-forth for you.

Common Protocols: For the protocols that are common for most people, Ethereal goes a step further and breaks down the binary packet, explaining what each part of the packet is for. I noticed recently that a version of Ethereal has started detailing Y! Messenger packets. It is clearly reverse engineered though, because well… close but no cigar ;)