Network Packet Sniffer
Results 1 to 8 of 8

Thread: Network Packet Sniffer

  1. #1

    Network Packet Sniffer

    I've been having trouble finding a good packet sniffer. Are there anyones that sniff packets on a LAN and not just the packetes that go to the computer. Because I have ones that sniff only packets coming to my computer and out, but are there ones that would sniff packets on a whole network?

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Well here's one for you.. how are your connected to the LAN? Because if you are going into a switch then you'll only be able to sniff packets destined for your computer. If you are on a hub, that anything that listens to the wire will show you every packet because by definition ethernet is a broadcast technology. I really wish you people would research this stuff before you post your questions. There are tons of packet sniffers out there, there are many listed on this website. They are talked about regularly. A search on AO or on google, or anywhere else for that matter would have revealed several, including the god of packet sniffing Ethereal. No i'm not giving you the link, figure it yourself. Before you say hey, I'm going to sit and sniff other peoples packets (quite often illegal btw), you should know what the hell you are doing and a little bit about the technologies involved. If anyone wants to neg me and call me a jackass for this one as well.. bring it on, because what I've said is the truth, do some damned research and learn a thing or two instead of asking to be spoonfed.

    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    good packet sniffers includ TCPDump, Dsniff, Snort, Etherape and Ethereal.

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    HTregz,

    You hit the nail on the head and this is the 3rd post in a real short amount of time, where the folks asking the questions, just have no clue about what they would be getting into.

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    HTRegz,

    I wont call you a jack ass!!! but I think you were too quick to respond w/o understanding the full features of a switch.

    Your comment:
    "Because if you are going into a switch then you'll only be able to sniff packets destined for your computer" is not totally accurate...........This is the default feature....
    You can however span a port to mirror any port/s and or VLANs you want therefore allowing you to sniff any traffic on the switch you are connected to.

    Just an FYI...

    P.S.

    Just another note...Ethernet is a broadcast technology wether you are using a hub or a switch.....Another false statement...Sniffers/protocol analyzers monitor collision domains nothing to do with broadcast domains..

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Yes this is true, and yes I do know that.. however this person doesn't even grasp the simple concept of sniffing, there is no way it is their own switch (also if it's a home LAN, most low-end switches don't support this feature). I didn't want to get over their head.. I decided to leave it at the basics, since the odds are he's in a res. or something like that and plugged into a switch port that he has no control over.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Member
    Join Date
    May 2002
    Posts
    68
    Actually that's not true, you can sniff a high end, say cisco switch, if it doesn't have vlans defined, by continually corrupting/resetting the mac table, which causes it to broadcast all packets out all ports inorder to rebuild the table. There are sniffers that do this.
    [gloworange]
    find /home/$newbie -name *? | www.google.com 2>/dev/null
    [/gloworange]

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    ARP Cache Poisoning
    CAM Table Flooding
    Switch Port Stealing

    There are plenty of ways to sniff other computers on a switch that don't have a "mirror port" on them. The biggest problem is that to sniff all traffic, if you don't have a mirror port, you will have extream ammounts of data going across the switch and actually cause it to run slower then the equavlent speed hub.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •