Misc Links
Forum Archive
News Archive
File DB


(nothing here)



Latest Forum Topics
wow 56 k modems are
Posted by Red Squirrel
on Oct 14 2013, 11:52:23 pm

I Need A Program
Posted by rovingcowboy
on Sep 23 2013, 5:37:59 pm

having trouble witn lan
Posted by rovingcowboy
on Sep 23 2013, 5:40:56 pm

new problem for me
Posted by rovingcowboy
on Sep 23 2013, 5:54:09 pm

RBC Royal Bank
Posted by Red Squirrel
on Aug 13 2013, 6:48:08 pm


What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostic and more
By Red Squirrel

Ethereal looks very scary at first but it's very powerful and has lot of filtering options. Below is a screen shot of the capture dialog, you can set the options for the capture such as filtering, how long to capture for, etc. What is nice about this one is that you can specify files, as some packet sniffers just store it in memory, which is very limited. But with Ethereal you can leave it running for days as long as you have enough disk space to store all the captures, since it gets pretty big.

Capture settings

Capture in progress...

Live capture undergoing

Once a capture is stopped you get the main window where you can click on a packet and dissect it to get more information. Ethereal understands quite a few protocols so it also gives you information based on the protocol used for that packet, such as HTTP, FTP, etc. Click the image below for larger version.

Main window

What's really nice is all the filter options. Also, you can follow a tcp stream - so you can see the conversation between a client and a server during that time frame starting from the connection to the disconnection.

In most cases, you would run a packet sniffer on your computer and it would sniff both incoming and outgoing packets to that computer. But on a network with a hub, you would also receive packets from/to other computers. This is why a switched network is much more private, because packets are sent to your computer only, and when you send packets they are sent only to the destination computer. So for someone to eavesdrop on you they'd have to either plug in a computer acting as a gateway, with the sniffer, or they'd have to replace the switch with a hub and hook up the packet sniffing machine to the hub.

On the next page we'll take a closer look at how packet sniffers can be beneficial, such as in diagnosing network problems.

Next Page
28841 Hits Pages: [1] [2] [3] 1 Comments

Latest comments (newest first)
Posted by Red Squirrel on February 02th 2005 (15:40)
Well it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it but I know it has to do with flooding it with a bunch of arp packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and what not.
View all comments
Post comment

Top Articles Latest Articles
- What are .bin files for? (669062 reads)
- Text searching in linux with grep (161180 reads)
- Big Brother and Ndisuio.sys (150471 reads)
- PSP User's Guide (139547 reads)
- SPFDisk (Special Fdisk) Partition Manager (117240 reads)
- How to Use MDADM Linux Raid (188 reads)
- What is Cloud Computing? (1225 reads)
- Dynamic Forum Signatures (version 2) (8769 reads)
- Successfully Hacking your iPhone or iTouch (18714 reads)
- Ultima Online Newbie Guide (35906 reads)
corner image

This site best viewed in a W3C standard browser at 800*600 or higher
Site design by Red Squirrel | Contact
© Copyright 2021 Ryan Auclair/IceTeks, All rights reserved