What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostic and more
By Red Squirrel


Suppose your network is really slow and you can't figure out why the activity light is always flashing. You know there's a lot of data being transferred, but how can you find out what this data is? This is where a packet sniffer can help you out.

Set it up, let it capture for a while when you are not doing anything with the connection, then stop it. Then go through the packets: if you see something such as a lot of connections to a certain port, connections from a certain IP, or anything else suspicious, you know something is not right. You can then research that particular type of activity further and, in the meantime, block the IP or port in question.

A good example is when I had a customer's computer. I was running UD on it off a network drive while I was doing other stuff, but I noticed the activity light was continuously flashing. So I put in a packet sniffer (Packetmon in this case, which is more lightweight and easier to use for quick little sniffs), and there were tons of NetBIOS packets. So I checked the content and found mostly gibberish, but some stuff was readable, such as the network path to the UD folder. So immediately I knew all this activity was because of UD. If it was, say, a virus, then I would have wondered what the referring file was, and could have done research on this file and then found out it was a virus.

So packet sniffers can be quite useful for diagnosing network issues. But realize that there's a lot of stuff that goes on a network, so even without any issues you will pick up quite a few packets in a single hour or so. Usually it's NetBIOS-related packets for polling and such.

Another good use for packet sniffers is to learn how a specific protocol works. For example, if you want to know what your browser actually sends to the server to get a web page, fire up the packet sniffer, open a website, then check the result. The fact that it shows the data in hex as well is very important, since you can differentiate between the different types of spacing and line endings: \n\r might work for some applications, but in others you may need to use \n. Things like this would not be noticeable if it were only shown as text.
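As an added illustration (not code from the original article), here are the two checks described above in Python: tallying a capture by destination port and source IP to spot the kind of lopsided activity worth a closer look, and hex-dumping one payload so that \r\n and \n can be told apart. The capture records are constructed sample data, not a real trace.

```python
from collections import Counter

# Constructed sample capture: (src_ip, dst_ip, dst_port, payload).
# Made-up records standing in for what a sniffer such as Packetmon shows.
CAPTURE = [
    ("192.168.1.10", "93.184.216.34", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("192.168.1.10", "192.168.1.255", 137, b"\x80\x00\x00\x10\x00\x01"),  # NetBIOS-style bytes
    ("192.168.1.10", "192.168.1.255", 137, b"\x80\x01\x00\x10\x00\x01"),
    ("192.168.1.10", "192.168.1.255", 137, b"\x80\x02\x00\x10\x00\x01"),
    ("192.168.1.55", "192.168.1.10", 445, b"\x00\x00\x00\x2f\xffSMB"),
    ("192.168.1.55", "192.168.1.10", 445, b"\x00\x00\x00\x2f\xffSMB"),
    ("192.168.1.55", "192.168.1.10", 445, b"\x00\x00\x00\x2f\xffSMB"),
    ("192.168.1.55", "192.168.1.10", 445, b"\x00\x00\x00\x2f\xffSMB"),
]

def summarize(packets):
    """Count packets per destination port and per source IP, the two
    views the article suggests for spotting unusual activity."""
    by_port = Counter(p[2] for p in packets)
    by_src = Counter(p[0] for p in packets)
    return by_port, by_src

def hexdump(data, width=16):
    """Render bytes the way a sniffer does: offset, hex bytes, printable text."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return lines

def line_ending(payload):
    """Tell CRLF from bare LF, a difference the text view alone hides."""
    if b"\r\n" in payload:
        return "CRLF"
    if b"\n" in payload:
        return "LF"
    return None

if __name__ == "__main__":
    by_port, by_src = summarize(CAPTURE)
    print("Top destination ports:", by_port.most_common(3))
    print("Top source IPs:", by_src.most_common(3))
    print("\n".join(hexdump(CAPTURE[0][3])))
    print("Line ending in HTTP request:", line_ending(CAPTURE[0][3]))
```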

While packet sniffers are usually looked at as bad things, I hope this article has cleared things up about their positive uses and what makes them great tools to have around the network.

Additional links:

http://www.ethereal.com
Ethereal's official website.

http://www.rhizome.org/carnivore
Carnivore Personal Edition (abstract art with packets)

http://www.analogx.com/contents/download/network/pmon.htm
Packetmon, a small, simple packet sniffer.

http://www.epic.org/privacy/carnivore/foia_documents.html
Various documents about the FBI's Carnivore (DCS 1000)

Red Squirrel
IceTeks.com Owner

Latest comments (newest first)
Posted by Red Squirrel on February 2nd 2005 (15:40)
Well it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it but I know it has to do with flooding it with a bunch of arp packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and what not.
© Copyright 2019 Ryan Auclair/IceTeks, All rights reserved