Ethereal is one of those programs that many network managers would love to be able to use, but they are often prevented from getting what they would like from Ethereal because of the lack of documentation. This document is part of an effort by the Ethereal team to improve the usability of Ethereal. We hope that you find it useful, and look forward to your comments.

The intended audience of this book is anyone using Ethereal. This book will explain all the basics and also some of the advanced features that Ethereal provides. As Ethereal has become a very complex program since the early days, not every feature of Ethereal might be explained in this book. This book is not intended to explain network sniffing in general and it will not provide details about specific network protocols. However, as this book evolves in time (like Ethereal itself), this might change in the future. By reading this book, you will learn how to install Ethereal, how to use the basic elements of the graphical user interface (like the menu) and what's behind some of the advanced features that are maybe not that obvious at first sight. It will hopefully guide you around some common problems that frequently appears for new (and sometimes even advanced) users of Ethereal.

The authors would like to thank the whole Ethereal team for their assistance. In particular, the authors would like to thank: Gerald Combs, for initiating the Ethereal project and funding to do this documentation. Guy Harris, for many helpful hints and a great deal of patience in reviewing this document. Gilbert Ramirez, for general encouragement and helpful hints along the way. The authors would also like to thank the following people for their helpful feedback on this document: Pat Eyler, for his suggestions on improving the example on generating a backtrace. Martin Regner, for his various suggestions and corrections. Graeme Hewson, for a lot of grammatical corrections. The authors would like to acknowledge those man page and README authors for the ethereal project from who sections of this document borrow heavily: Scott Renfro from whose mergecap man page is derived. Ashok Narayanan from whose text2pcap man page is derived. Frank Singleton from whose README.idl2eth is derived.

This book was originally developed by Richard Sharpe with funds provided from the Ethereal Fund. It was updated by Ed Warnicke and more recently redesigned and updated by Ulf Lamping. It is written in DocBook/XML. You will find some specially marked parts in this book: You should pay attention to a warning, as otherwise data loss might occur. A note will point you to common mistakes and things that might not be obvious. Tips will be helpful for your everyday work using Ethereal.

The latest copy of this documentation can always be found at: .

Should you have any feedback about this document, please send them to the authors through &EtherealDevMailList;.