Hi Bryan,
Ethereal is very helpful in looking at the broadcast traffic on your network. If you were using hubs, you would see all network traffic but the hubs would give your network a serious performance hit. Obviously switching is better. 
It isn't any help on point to point connections on a switched network unless you are one of the points in the connection. 
Ethereal would likely show if your network was infected with a worm because of all of the probing worms do. 
To better understand the information given by Ethereal, you should do a little research on how TCP/IP works and any other protocols you are using on your network. IPX/SPX, AppleTalk, and NetBEUI all do a fair amount of broadcasting. If you see packets from those protocols and you aren't intentionally using them, I would find the device and disable those protocols. Printer Servers are notorious for having them all enabled by default. They can clog your network with a lot of unnecessary traffic.
Hope this helps.


>>> Bryan Thompson 4/20/2007 9:29 AM >>>

I have a funny story to tell you, but I also have a question.

Yesterday, our e-mail server kept timing out, and our Internet  
connection was at a crawl for many hours of the day. I called  
SoverNet, our Internet provider, and I was told that we were using  
our entire bandwidth. This morning, same thing. I decided to  
download, and install ethereal on a windows box, and I started  
sniffing - yes, without reading the manual. While the program was  
sniffing, I got a call from [someone] in the district that has very  
few security restrictions because this [someone] can be trusted, and  
needs more access than other people. Anyhow, this person needed  
help with something else in his/her room, which I fixed, but then  
said person said his/her computer was acting slow, and wondered if he/ 
she stopped a few downloads if it would speed up her computer. I took  
a look, and said person was downloading 28 large files at one time.  
We discussed what happens when too many large files are downloaded at  
one time, and that problem was resolved.

This is a funny story because I accidentally found the problem, but  
I'd like to know more about sniffing programs. The data that I got  
back from ethereal, out of the box didn't help me find the problem  
right away - I did only run it for a minute though just to play with  
it. Can anyone give me advice on reading ethereal data, or any other  
network sniffing solutions? Also, I installed ethereal on a regular  
PC box in my office - I'm guessing the box should be in front of our  
firewall to get better data, or maybe right behind it, as I wouldn't  
be able to see our internal IP addresses in front of it?


Bryan Thompson
Technology Coordinator
Winooski School District
60 Normand Street
Winooski, VT 05404
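
The reply's advice to find devices sending IPX/SPX, AppleTalk or NetBEUI traffic can be automated over captured frames. The sketch below is an added example, not part of either e-mail; it assumes raw Ethernet frames are already available as bytes (for instance exported from the sniffer), the function names are hypothetical, and the sample frames and MAC addresses are constructed. It goes slightly beyond the text by recognising each protocol in its common encapsulations (Ethernet II, raw 802.3, 802.2 LLC and SNAP).

```python
import struct
from collections import Counter, defaultdict

# EtherTypes (also used as SNAP protocol IDs) and 802.2 LLC DSAPs of the legacy stacks
LEGACY_TYPES = {0x8137: "IPX", 0x8138: "IPX", 0x809B: "AppleTalk", 0x80F3: "AppleTalk"}
LEGACY_DSAPS = {0xE0: "IPX", 0xF0: "NetBEUI"}

def classify(frame):
    """Return the legacy protocol carried by an Ethernet frame, or None."""
    if len(frame) < 16:
        return None
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:              # Ethernet II: the field is an EtherType
        return LEGACY_TYPES.get(type_or_len)
    payload = frame[14:]                   # IEEE 802.3: the field is a length
    if payload[:2] == b"\xff\xff":         # Novell "raw" 802.3, IPX with no LLC header
        return "IPX"
    if payload[0] == 0xAA and len(payload) >= 8:  # SNAP: LLC(3) + OUI(3) + protocol ID(2)
        (pid,) = struct.unpack("!H", payload[6:8])
        return LEGACY_TYPES.get(pid)
    return LEGACY_DSAPS.get(payload[0])    # plain 802.2 LLC, keyed on the DSAP

def legacy_talkers(frames):
    """Map each source MAC to a count of legacy-protocol frames it sent."""
    seen = defaultdict(Counter)
    for frame in frames:
        proto = classify(frame)
        if proto:
            src = ":".join(f"{b:02x}" for b in frame[6:12])
            seen[src][proto] += 1
    return {mac: dict(counts) for mac, counts in seen.items()}

def _frame(src_hex, type_or_len, payload):
    """Build a constructed broadcast frame for the sample data below."""
    return b"\xff" * 6 + bytes.fromhex(src_hex) + struct.pack("!H", type_or_len) + payload

PRINT_SERVER = "020000000001"   # constructed, locally administered MAC
WORKSTATION = "020000000002"    # constructed, locally administered MAC
SAMPLE_FRAMES = [
    _frame(PRINT_SERVER, 0x8137, b"\xff\xff" + bytes(28)),                    # IPX, Ethernet II
    _frame(PRINT_SERVER, 30, b"\xff\xff" + bytes(28)),                        # IPX, raw 802.3
    _frame(PRINT_SERVER, 20, b"\xf0\xf0\x03" + bytes(17)),                    # NetBEUI, LLC
    _frame(PRINT_SERVER, 24, b"\xaa\xaa\x03\x08\x00\x07\x80\x9b" + bytes(16)),  # AppleTalk, SNAP
    _frame(WORKSTATION, 0x0800, b"\x45" + bytes(19)),                         # IPv4, ignored
]

if __name__ == "__main__":
    for mac, counts in legacy_talkers(SAMPLE_FRAMES).items():
        print(mac, counts)
```

The MAC addresses it reports are the devices to track down and reconfigure.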