Ethereal is very helpful in looking at the broadcast traffic on your network. If you were using hubs, you would see all network traffic but the hubs would give your network a serious performance hit. Obviously switching is better.
It isn't any help on point to point connections on a switched network unless you are one of the points in the connection.
Ethereal would likely show if your network was infected with a worm because of all of the probing worms do.
To better understand the information given by Ethereal, you should do a little research on how TCP/IP works and any other protocols you are using on your network. IPX/SPX, AppleTalk, and NetBEUI all do a fair amount of broadcasting. If you see packets from those protocols and you aren't intentionally using them, I would find the device and disable those protocols. Printer Servers are notorius for having them all enabled by default. They can clog your network with a lot of unnecessary traffic.
Hope this helps.
This e-mail may contain information protected under the Family Educational Rights and Privacy Act (FERPA). If this e-mail contains student information and you are not entitled to access such information under FERPA, please notify the sender. Federal regulations require that you destroy this e-mail without reviewing it and you may not forward it to anyone.
>>> Bryan Thompson <[log in to unmask]> 4/20/2007 9:29 AM >>>
I have a funny story to tell you, but I also have a question.
Yesterday, our e-mail server kept timing out, and our Internet
connection was at a crawl for many hours of the day. I called
SoverNet, our Internet provider, and I was told that we were using
our entire bandwidth. This morning, same thing. I decided to
download, and install ethereal on a windows box, and I started
sniffing - yes, without reading the manual. While the program was
sniffing, I got a call from [someone] in the district that has very
few security restrictions because this [someone] can be trusted, and
needs more access than other people. Anyhow, this person was needed
help with something else in his/her room, which I fixed, but then
said person said his/her computer was acting slow, and wondered if he/
she stopped a few downloads if it would speed up her computer. I took
a look, and said person was downloading 28 large files at one time.
We discussed what happens when too many large files are downloaded at
one time, and that problem was resolved.
This is a funny story because I accidentally found the problem, but
I'd like to know more about sniffing programs. The data that I got
back from ethereal, out of the box didn't help me find the problem
right away - I did only run it for a minute though just to play with
it. Can anyone give me advice on reading ethereal data, or any other
network sniffing solutions? Also, I installed ethereal on a regular
PC box in my office - I'm guessing the box should be in front of our
firewall to get better data, or maybe right behind it, as I wouldn't
be able to see our internal IP addresses in front of it?
Winooski School District
60 Normand Street
Winooski, VT 05404