Thread: Ethereal

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    144

    Ethereal

    I am wondering how ethereal works?

    I have tried on my network.. however I can only see my PC traffic and the dist.. and some broadcast packets.. how do I set ethereal to become a sniffer? Or is it not a sniffer program? If it is not, then what program would you recommend?

    And I need to know how a network works? As far as I know, when a packet is sent out.. all NICs in the network will get the packet.. but the NIC will decide whether the packet is for the PC; if not.. discard the packet, if yes.. accept it.. if that is the case, how come ethereal cannot see other PCs' traffic? Is there any doc that I can read about this?
    BlAcKiE
    GearBlitz

  2. #2
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    This has been discussed many & many & ... times. pfffff

    Ethereal is a sniffer!
    It shows every single packet going through your NIC (ethernet layer).

    So the question you should ask yourself is what type of flows should normally go through the interface where your PC is connected.
    - If the network device is a Hub you should see all media traffic
    - if the network device is an ethernet switch you should see only broadcast and unicast traffic addressed to your PC
    - if the network device is a router you should see only unicast traffic addressed to your PC
    - if the network device is a modem see only unicast traffic addressed to your PC
    -.....

    There are docs you can read:
    - search for IEEE 802.1d standard
    - search for CSMA-CD
    - search for IEEE 802.3
    ....
    - or search for something like "Ethernet Network for dummies"
    SHARING KNOWLEDGE
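The hub-versus-switch point in the reply above, as an added example that is not part of the original thread: a small forwarding model showing which frames a capture on one port can show. The port numbers, MAC addresses, frame sequence and the names `Hub`, `LearningSwitch` and `frames_seen` are all constructed for illustration.

```python
# Added illustration, not from the thread: which frames a capture on one port
# can show behind a hub versus a learning switch. MACs/ports are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_A, MAC_B, MAC_S = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"

class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the ingress port.
        return [p for p in self.ports if p != in_port]

class LearningSwitch(Hub):
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port            # learn the sender's port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:      # broadcast or unknown unicast
            return super().forward(in_port, src, dst)  # flood
        return [] if out == in_port else [out]   # known unicast: one port only

# Constructed frame sequence: (ingress port, source MAC, destination MAC, label)
FRAMES = [
    (1, MAC_A, MAC_B, "A->B unicast, B not learned yet"),
    (2, MAC_B, MAC_A, "B->A unicast reply"),
    (1, MAC_A, MAC_B, "A->B unicast, B learned"),
    (2, MAC_B, BROADCAST, "B broadcast (e.g. ARP request)"),
    (3, MAC_S, MAC_A, "sniffer host->A unicast"),
    (1, MAC_A, MAC_S, "A->sniffer host unicast"),
]

def frames_seen(device, frames, sniffer_port):
    """Labels of frames a capture on sniffer_port shows (sent or received)."""
    seen = []
    for in_port, src, dst, label in frames:
        out_ports = device.forward(in_port, src, dst)
        if in_port == sniffer_port or sniffer_port in out_ports:
            seen.append(label)
    return seen

if __name__ == "__main__":
    for name, dev in (("hub", Hub([1, 2, 3])), ("switch", LearningSwitch([1, 2, 3]))):
        print(name, frames_seen(dev, FRAMES, sniffer_port=3))
```

Behind the switch, the capture on port 3 still shows the first A->B frame, because a unicast frame to a MAC the switch has not learned yet is flooded like a broadcast.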

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    IMO ethereal is a great sniffer. It has its limits though...

    If you want to see the traffic on a switched LAN, check out ettercap.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Ms.Mittens is always warning about ettercap, and the trouble it can get you into?
    although i've never used anything other than ethereal, myself....

    just thought you might wanna know
    yeah, I'm gonna need that by friday...

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Ms.Mittens is always warning about ettercap, and the trouble it can get you into?
    That is VERY true... but only if you are misusing it. If you are using it on YOUR OWN network.. you can't get into any trouble.

    Now... if you start sniffing your cable connection or someone else's network... it can get you into trouble.

    But then again... what *CAN'T* get you into trouble these days?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    Originally posted here by tampabay420
    Ms.Mittens is always warning about ettercap, and the trouble it can get you into?
    although i've never used anything other than ethereal, myself....

    just thought you might wanna know
    what is the trouble i will get into..?

    Originally posted here by phishphreek80


    That is VERY true... but only if you are misusing it. If you are using it on YOUR OWN network.. you can't get into any trouble.

    Now... if you start sniffing your cable connection or someone else's network... it can get you into trouble.

    But then again... what *CAN'T* get you into trouble these days?
    what if I am on a modem? Can I get into trouble?
    BlAcKiE
    GearBlitz

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by Penguin

    what is the trouble i will get into..?
    Ethercap works by flooding the MAC/port tables of the switch, causing it to fail in an open state (making it essentially a hub). If it's not your network, your network admin will notice this and you can get fired for pulling stunts like that.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    If you are on a cable modem, the network behaves similarly to a switched ethernet, but has security features whereby each port is tied to a MAC address (I think).

    Therefore, ettertap and its ARP-poisoning friends will not enable you to sniff your neighbours' traffic.

    However, sending lots of dodgy packets with spoofed MACs will likely set off a load of the ISP's intrusion detection kit, which will be able to identify the port and hence the customer causing trouble.

  9. #9
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    Originally posted here by SirDice


    Ethercap works by flooding the MAC/port tables of the switch, causing it to fail in an open state (making it essentially a hub). If it's not your network, your network admin will notice this and you can get fired for pulling stunts like that.

    Originally posted here by slarty
    If you are on a cable modem, the network behaves similarly to a switched ethernet, but has security features whereby each port is tied to a MAC address (I think).

    Therefore, ettertap and its ARP-poisoning friends will not enable you to sniff your neighbours' traffic.

    However, sending lots of dodgy packets with spoofed MACs will likely set off a load of the ISP's intrusion detection kit, which will be able to identify the port and hence the customer causing trouble.
    What is the nature of the s/w ettertap and ethercap? I meant offensive, or just a sniffer without offending other nodes? I need to test.. and I don't wanna get into trouble. And what is the best network analyser you have used? I need a s/w that can sniff and tell me what the data of the packet is. Is there such s/w?
    BlAcKiE
    GearBlitz

  10. #10
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604

    Sniffing the glue that binds the internet

    Ethereal or tcpdump should be fine for you; ettercap is an 'aggressive' sniffer which is used for 'monkey in the middle' attacks by re-routing (ARP/MAC poisoning) packets through the sniffer before delivery to the proper client (this is not considered nice if the packets aren't yours). Packets are not always broadcast to all channels depending on network design, and packets in another segment of the network (across a router or "smart" switch) will not be sniffable with the standard technique. Read here for router/hub details. There are many other excellent sniffers available such as dsniff and WinDump (tcpdump for M$). Here are some links you can use to familiarize yourself with packet sniffing.

    http://ethereal.ntop.org/
    http://www.networknewz.com/2001/0723.html
    http://www.boran.com/security/sniff.html
    http://www.robertgraham.com/pubs/sniffing-faq.html


    Happy Sniffing,
    Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
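Several replies above say an admin or ISP will notice spoofed MACs and ARP/MAC poisoning. The following is an added example, not part of the original thread, of the two checks a defender can run over observed frames: too many source MACs on one access port, and an IP address whose claimed MAC changes. The observation format, the addresses, the threshold and the name `detect` are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations: (switch port, source MAC, ARP sender IP or None)
OBSERVATIONS = [
    (1, "02:00:00:00:00:0a", "192.0.2.10"),
    (2, "02:00:00:00:00:0b", "192.0.2.1"),   # gateway announces its own IP
    (3, "02:00:00:00:00:0c", "192.0.2.30"),
    (3, "02:00:00:00:00:0c", "192.0.2.1"),   # port 3 now claims the gateway IP
    (1, "02:00:00:00:00:0a", None),          # ordinary non-ARP frame
    (4, "02:00:00:00:00:e1", None),
    (4, "02:00:00:00:00:e2", None),
    (4, "02:00:00:00:00:e3", None),          # third source MAC on one access port
]

def detect(observations, max_macs_per_port=2):
    """Return alerts for per-port MAC sprawl and changed IP-to-MAC bindings."""
    alerts = []
    macs_on_port = defaultdict(set)   # port -> source MACs seen there
    ip_owner = {}                     # IP -> first MAC seen claiming it
    for port, mac, arp_ip in observations:
        if mac not in macs_on_port[port]:
            macs_on_port[port].add(mac)
            # Alert once, at the moment the port exceeds its allowance.
            if len(macs_on_port[port]) == max_macs_per_port + 1:
                alerts.append(("too-many-macs", port, len(macs_on_port[port])))
        if arp_ip is not None:
            known = ip_owner.setdefault(arp_ip, mac)
            if known != mac:
                # Same IP claimed by a different MAC than first observed.
                alerts.append(("arp-binding-changed", arp_ip, known, mac, port))
    return alerts

if __name__ == "__main__":
    for alert in detect(OBSERVATIONS):
        print(alert)
```

A changed binding is not always hostile (a replaced NIC or a reassigned address looks the same), so alerts like these are a prompt to check the named port rather than proof of poisoning.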
