Internet eavesdropping, network diagnostic and more
By Red Squirrel
Set it up, let it capture for a while when you are not doing anything with the connection, then stop it. You can then go through the packets; if you see something such as a lot of connections to a certain port, connections from a certain IP, or anything else suspicious, you know something is not right. You can then research this particular type of activity and, in the meantime, block the IP/port in question.
A good example is when I had a customer's computer. I was running UD on it off a network drive while I was doing other stuff, but I had noticed the activity light was continuously flashing. So I put in a packet sniffer (Packetmon, in this case, which is more lightweight and easier to use for quick little sniffs) and there were tons of NetBIOS packets. I checked the content and found mostly gibberish, but some stuff was readable, such as the network path to the UD folder. So immediately I knew all this activity was because of UD. If it was, say, a virus, then I would have wondered what the referring file was, and could have done research on this file and then found out it was a virus.
So packet sniffers can be quite useful for diagnosing network issues. But realize that there's a lot of stuff that goes on in a network, so even without issues you will pick up quite a few packets in a single time frame of an hour or so. Usually these are NetBIOS-related packets for polling and such.
Another good use for packet sniffers is to learn how a specific protocol language works. For example, if you want to know what your browser actually sends to the server to get a web page, fire up the packet sniffer, open a website, then check the result. The fact that it shows the data in hex as well is very important, since it lets you differentiate between the different types of spacing and whatnot: \n\r might work for some applications, but in others you may need to use \n. Things like this would not be noticeable if it were only text.
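To make the point about the hex view concrete, here is an added example (not part of the original article) that renders a captured payload the way a sniffer's hex pane does and reports which line terminator each line uses. The sample request bytes and the function names are constructed for illustration.

```python
import re

# Constructed sample: bytes a browser might send for a page, as a sniffer
# would capture them. The "Accept" header deliberately ends in a bare LF.
SAMPLE = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Accept: */*\n"
          b"\r\n")


def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes as offset, hex column and ASCII column."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        # Non-printable bytes (CR, LF, NUL, ...) all collapse to '.' here,
        # which is why the text column alone cannot tell them apart.
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  {text}")
    return "\n".join(rows)


def line_endings(data: bytes) -> dict:
    """Count each terminator style: CRLF (0d 0a), bare LF (0a), bare CR (0d)."""
    counts = {"CRLF": 0, "LF": 0, "CR": 0}
    # Alternation order matters: match the two-byte CRLF before single bytes.
    for m in re.finditer(rb"\r\n|\n|\r", data):
        counts[{b"\r\n": "CRLF", b"\n": "LF", b"\r": "CR"}[m.group()]] += 1
    return counts


def split_lines(data: bytes) -> list:
    """Return (line, terminator_hex) pairs so mixed endings show per line."""
    out, pos = [], 0
    for m in re.finditer(rb"\r\n|\n|\r", data):
        line = data[pos:m.start()].decode("ascii", "replace")
        out.append((line, m.group().hex(" ")))
        pos = m.end()
    if pos < len(data):  # trailing data with no terminator at all
        out.append((data[pos:].decode("ascii", "replace"), ""))
    return out


if __name__ == "__main__":
    print(hexdump(SAMPLE))
    print(line_endings(SAMPLE))
    for line, term in split_lines(SAMPLE):
        print(f"{line!r:32} ends with [{term}]")
```

In the ASCII column every terminator shows up as the same dot; only the hex column (`0d 0a` versus a lone `0a`) reveals that the third line ends differently from the others.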
While packet sniffers are usually looked upon as bad things, I hope this article has cleared things up about their positive uses and what makes them great tools to have around the network.
Ethereal's official website.
Carnivore Personal Edition (abstract art with packets)
Packetmon, a small, simple packet sniffer.
Various documents about FBI's Carnivore (DCS 1000)
© Copyright 2021 Ryan Auclair/IceTeks, All rights reserved