Tuesday, January 31, 2006

Ethereal Ethereal

Ethereal:
1. Characterized by lightness and insubstantiality; intangible.
2. Highly refined; delicate. See Synonyms at airy.
3.
a. Of the celestial spheres; heavenly.
b. Not of this world; spiritual.
4. Chemistry. Of or relating to ether.

No, that is not what I am talking about here, but rather, the slickest network protocol analyzer I have ever used.

It taps one network adaptor on your computer (in my case, usually an Ethernet adaptor) and captures all the traffic over that adaptor until you stop capturing. It then analyzes all the protocols in that captured traffic, in this case those above Ethernet, including IP, UDP, TCP, POP3, SMTP and HTTP, and displays them in a form easily understood by someone who understands communications protocols.

I was first turned on to Ethereal by Mark Russinovich (in his Sysinternals blog) when he used it to detect some of what the Sony DRM rootkit code was doing a couple of months ago. (As a result of this detection, Sony BMG was sued by a number of parties and has now apparently settled its class-action suits.)

Ethereal is a must-have when debugging Internet problems. I am in the process of rearranging email accounts, and moved my main forwarding address last night to point at a different account. But Mozilla wouldn't download the messages from that account. I never did figure out exactly what was wrong, but ultimately found that it did work when I duplicated that account in Mozilla. But before that, I had watched what happened when I accessed it from Eudora, as well as when I accessed other POP3 email accounts of mine. So, by then, I had a pretty good idea of what should have been happening and wasn't.

Except when accessing my local email server, Mozilla first uses DNS to find email hosts. That wasn't happening. It then utilizes the POP3 protocol to download email. That, too, wasn't happening with this account. That Mozilla wasn't sending out the DNS query made it obvious that the problem was with Mozilla, and not how I had it configured. We never got to the POP3 protocol, so POP3 configuration problems were obviously not the issue. So, no surprise that when I duplicated the configuration of the mailbox, things worked perfectly.
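The same diagnosis as an added example (not from the original post and not Ethereal's code): a small Python dissector walks Ethernet, IPv4 and UDP/TCP headers, tags DNS and POP3 by their standard ports 53 and 110, and reports how far a mail check got. The function names, addresses and sample frames are constructed for illustration, and identifying a protocol by port alone is a simplification of what a real analyzer does.

```python
import struct

def dissect(frame):
    """Return the protocol stack seen in one Ethernet frame, e.g. ['eth', 'ip', 'udp', 'dns']."""
    layers = ["eth"]
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return layers                      # not IPv4: stop at Ethernet
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return layers                      # truncated or not version 4
    layers.append("ip")
    ihl = (ip[0] & 0x0F) * 4               # IPv4 header length in bytes
    proto, l4 = ip[9], ip[ihl:]
    if proto not in (6, 17) or len(l4) < 4:
        return layers
    layers.append("tcp" if proto == 6 else "udp")
    sport, dport = struct.unpack("!HH", l4[:4])
    # Assumption: application protocol is recognised by well-known port only.
    if proto == 17 and 53 in (sport, dport):
        layers.append("dns")
    elif proto == 6 and 110 in (sport, dport):
        layers.append("pop3")
    return layers

def diagnose(frames):
    """Say how far a mail check got: DNS lookup first, then POP3."""
    seen = {layer for f in frames for layer in dissect(f)}
    if "dns" not in seen and "pop3" not in seen:
        return "no DNS query and no POP3: the client never started the check"
    if "pop3" not in seen:
        return "DNS query seen but no POP3 session"
    return "POP3 session seen"

def make_frame(proto, sport, dport):
    """Build a constructed Ethernet/IPv4 frame with a minimal L4 header (sample data only)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return eth + ip + l4

# Constructed captures: a working account, and a capture with neither DNS nor POP3.
working = [make_frame(17, 40000, 53), make_frame(6, 40001, 110)]
failing = [make_frame(6, 40002, 80)]       # unrelated HTTP traffic only

if __name__ == "__main__":
    print(diagnose(working))
    print(diagnose(failing))
```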

Ethereal can be found at SourceForge.

10:28 AM