I do a lot of network programming and Ethereal is an absolutely essential tool to have. When I reformat my computer this is one of the first tools that gets loaded. I have always found it a fun exercise to close all programs and let Ethereal run. You can very quickly get an idea of what programs running on your computer are talking to the Internet without your knowledge. You will get the usual ARP requests, MS Browser requests, and sometimes AV updates. The thing to look out for is traffic that you were not expecting, perhaps a spyware program talking to www.adsrus.com. This is actually one of the surefire ways to find spyware on your system. You just have to be patient and educate yourself on what you are looking at.
In response to vicky99’s question, it all depends. I am assuming that you have a wireless café running into a broadband connection. I am also assuming that the network is internally switched (meaning you have a switch not a hub) and everyone is running a variant of Windows.
The purpose of Ethereal is to listen to all network traffic seen by your computer. There is an additional mode of Ethereal called promiscuous mode that will not only allow you to see traffic addressed to your particular computer but anything on the wire. You should review a good networking book for all of the details but basically if you have a hub then you will be able to see everything that all computers on your network send and receive. If you have a switched environment then you will only see what is coming to your computer. This may further be complicated by NAT routing. Once again you should get a good understanding of how common networks work.
What you see is also determined by the placement of the listening computer. If you are one of the computers out in the larger network then you will not see as much. The ideal placement should be between your LAN hub or switch and the Internet connection or router. Another caveat to this process is if you have wireless. Promiscuous mode usually does not work on wireless networks on Windows-based machines. This is yet another reason to place the listener right before the external Internet connection.
As for seeing all traffic that your patrons are requesting, yes you can very well do that. The downside is that there will be A LOT of traffic and you will have to learn how to filter the requests. Ethereal is only a listener. If you want to be more proactive then you will have to use another product such as Snort. Snort is another free open source product and is usually used as an intrusion detection system (IDS). It uses all the same file formats as Ethereal so the two are very complementary. I am far from an expert on Snort so I will leave it to someone else to explain the finer details. Entire books (quite large ones) have been written on both Ethereal and Snort as well as a large amount of information on the web.
At the very least you should try it out. You have nothing to lose and a great deal of knowledge to gain. If you have a question then stop by the Ethereal website; the documentation is quite good. The mailing list is also a good place to ask questions. I have asked a few questions myself and have always gotten a quick and helpful response. I hope this helps you out and if you have questions be sure to let us know.
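An added example, not part of the original post: once a capture has been saved in the classic libpcap format, the "what is my machine talking to" exercise described above can be scripted by tallying outbound TCP/UDP conversations and listing the ones whose remote host is not on a list you expect. The addresses, the expected-host list and the sample capture are constructed for illustration, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

def read_pcap(data):
    """Yield raw Ethernet frames from a classic libpcap capture."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def conversations(data, local_ip):
    """Count (remote_ip, proto, remote_port) for TCP/UDP sent by local_ip."""
    seen = Counter()
    for frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # ARP, IPv6 and truncated frames are skipped
        l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
        proto = frame[23]
        src, dst = (socket.inet_ntoa(frame[i:i + 4]) for i in (26, 30))
        if src != local_ip or proto not in (6, 17) or len(frame) < l4 + 4:
            continue
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        seen[(dst, "tcp" if proto == 6 else "udp", dport)] += 1
    return seen

def unexpected(seen, expected_hosts):  # remote hosts not on the expected list
    return sorted(k for k in seen if k[0] not in expected_hosts)

def _frame(src, dst, proto, dport):  # constructed frame: Ethernet + IPv4 + L4 stub
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + struct.pack("!HHI", 40000, dport, 0)

def sample_pcap():  # constructed capture: one ARP frame and four TCP frames
    me = "192.168.1.10"
    frames = [b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + bytes(28),
              _frame(me, "192.0.2.10", 6, 443), _frame(me, "203.0.113.7", 6, 80),
              _frame(me, "203.0.113.7", 6, 80), _frame("192.0.2.10", me, 6, 40000)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

With the sample capture and an expected list of `{"192.0.2.10"}`, `unexpected()` leaves only the two packets sent to `203.0.113.7` on TCP port 80 to look into.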