-
January 23rd, 2004, 03:09 AM
#1
Member
Network Packet Sniffer
I've been having trouble finding a good packet sniffer. Are there any that sniff packets on a LAN and not just the packets that go to the computer? Because I have ones that sniff only packets coming to my computer and out, but are there ones that would sniff packets on a whole network?
-
January 23rd, 2004, 03:14 AM
#2
Well here's one for you.. how are you connected to the LAN? Because if you are going into a switch then you'll only be able to sniff packets destined for your computer. If you are on a hub, then anything that listens to the wire will show you every packet because by definition Ethernet is a broadcast technology. I really wish you people would research this stuff before you post your questions. There are tons of packet sniffers out there, there are many listed on this website. They are talked about regularly. A search on AO or on Google, or anywhere else for that matter would have revealed several, including the god of packet sniffing Ethereal. No, I'm not giving you the link, figure it out yourself. Before you say hey, I'm going to sit and sniff other people's packets (quite often illegal btw), you should know what the hell you are doing and a little bit about the technologies involved. If anyone wants to neg me and call me a jackass for this one as well.. bring it on, because what I've said is the truth, do some damned research and learn a thing or two instead of asking to be spoonfed.
HT
-
January 23rd, 2004, 04:19 AM
#3
Senior Member
Good packet sniffers include TCPDump, Dsniff, Snort, Etherape and Ethereal.
-
January 23rd, 2004, 05:17 AM
#4
HTregz,
You hit the nail on the head and this is the 3rd post in a real short amount of time where the folks asking the questions just have no clue about what they would be getting into.
-
January 23rd, 2004, 05:35 AM
#5
HTRegz,
I won't call you a jackass!!! But I think you were too quick to respond w/o understanding the full features of a switch.
Your comment:
"Because if you are going into a switch then you'll only be able to sniff packets destined for your computer" is not totally accurate...........This is the default feature....
You can, however, span a port to mirror any port/s and/or VLANs you want, therefore allowing you to sniff any traffic on the switch you are connected to.
Just an FYI...
P.S.
Just another note...Ethernet is a broadcast technology whether you are using a hub or a switch.....Another false statement...Sniffers/protocol analyzers monitor collision domains, nothing to do with broadcast domains..
-
January 23rd, 2004, 05:39 AM
#6
Yes this is true, and yes I do know that.. however this person doesn't even grasp the simple concept of sniffing, there is no way it is their own switch (also if it's a home LAN, most low-end switches don't support this feature). I didn't want to get over their head.. I decided to leave it at the basics, since the odds are he's in a res. or something like that and plugged into a switch port that he has no control over.
-
January 23rd, 2004, 04:08 PM
#7
Member
Actually that's not true, you can sniff a high-end, say Cisco, switch, if it doesn't have VLANs defined, by continually corrupting/resetting the MAC table, which causes it to broadcast all packets out all ports in order to rebuild the table. There are sniffers that do this.
find /home/$newbie -name *? | www.google.com 2>/dev/null
-
January 23rd, 2004, 04:42 PM
#8
ARP Cache Poisoning
CAM Table Flooding
Switch Port Stealing
There are plenty of ways to sniff other computers on a switch that don't have a "mirror port" on them. The biggest problem is that to sniff all traffic, if you don't have a mirror port, you will have extreme amounts of data going across the switch and actually cause it to run slower than the equivalent speed hub.
"Ignorance is bliss....
but only for your enemy"
-- souleman
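
A defender's view of the CAM table flooding and ARP cache poisoning named in this thread, as an added example that is not part of any post: Python that flags both patterns from per-port frame observations. The record layout, thresholds, function names and sample data are constructed assumptions.

```python
from collections import defaultdict, deque

# Each observation is (time_s, switch_port, src_mac, arp_sender_ip or None).
# This layout is an assumption for the example, not a real capture format.

def mac_flood_ports(frames, max_macs=8, window=5.0):
    """Ports that showed more than max_macs distinct source MACs within window seconds."""
    recent = defaultdict(deque)  # port -> (time, mac) pairs still inside the window
    flagged = set()
    for t, port, mac, _ip in sorted(frames, key=lambda f: f[0]):
        q = recent[port]
        q.append((t, mac))
        while t - q[0][0] > window:
            q.popleft()
        if len({m for _, m in q}) > max_macs:
            flagged.add(port)
    return flagged

def arp_binding_changes(frames):
    """(ip, old_mac, new_mac) for every ARP sender IP that moves to a different MAC."""
    seen, changes = {}, []
    for _t, _port, mac, ip in sorted(frames, key=lambda f: f[0]):
        if ip is None:
            continue
        if ip in seen and seen[ip] != mac:
            changes.append((ip, seen[ip], mac))
        seen[ip] = mac
    return changes

def sample_frames():
    """Constructed data: two quiet ports, then port 3 misbehaving."""
    frames = [
        (0.0, 1, "00:11:22:33:44:01", "10.0.0.1"),   # gateway announces itself
        (0.5, 2, "00:11:22:33:44:02", "10.0.0.20"),  # ordinary host
        (1.0, 2, "00:11:22:33:44:02", None),
    ]
    # Port 3 sources 40 different MACs in two seconds (table-flooding pattern).
    frames += [(2.0 + i * 0.05, 3, "02:00:00:00:00:%02x" % i, None) for i in range(40)]
    # Port 3 then claims the gateway's IP from a new MAC (poisoning pattern).
    frames.append((5.0, 3, "02:00:00:00:00:ff", "10.0.0.1"))
    return frames

if __name__ == "__main__":
    print("flooding ports:", mac_flood_ports(sample_frames()))
    print("ARP binding changes:", arp_binding_changes(sample_frames()))
```

A binding change can also be legitimate (a reassigned DHCP lease, a failover pair), so it is a lead to investigate; managed switches can enforce the same two checks with a per-port MAC limit (port security) and ARP inspection.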