using a network tap - Page 2

Thread: using a network tap

  1. #11
    Junior Member
    Join Date
    Sep 2006
    Posts
    6
    Depending on budget, the market you are in, and your expertise I would recommend either Ethereal/Wireshark (both the same) or Network General Sniffer Portable. Both you can put on a laptop and decode packets in real time, and both are very good. Sniffer Portable is not free as Wireshark is though, we pay well over $1K for our licenses.

    The above are ideal for a market of home users. If you work in a corporate environment you would have to look at solutions that fit into the data centers. We do a lot of IDS/IPS and network monitoring so in our data centers we use 1ru 50 micron optical taps from a vendor known as NetOptics. We also use Gigamon Matrix switches that feed all captured data into a sniffer (Infinistream, Niksun, whatever.)

    Like I said, it depends on which market you are in, your budget, and your expertise.

    But for just basic use for home customers Wireshark or Sniffer Portable are outstanding.


    --EOF

  2. #12
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Just get a 4 port hub and plug the client's PC, the satellite connection and the interface you are going to sniff with into the hub. Then use Wireshark, as was previously mentioned, to sniff the traffic. No need for network taps in this situation.

  3. #13
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Wireshark's gonna be a lot of work. It's going to entail leaving a PC on your customer's network to monitor packets, then sorting thru those packets, and for what? Only to find out these people are infected with spyware and viruses? It's not worth it, IMHO.

    If I had to do anything in your sit, I'd just get on their machine, run msconfig and pull up their startups and simply point out that there's a big part of their problem, and that there's hidden apps running beside those in all likelihood. Then, if need be, run msconfig on your own machine and compare them.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #14
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by brokencrow
    Wireshark's gonna be a lot of work.
    Don't know what the big deal is:

    Auditor

    Fire it up, run it for MAYBE AN HOUR and deal with the results. Doesn't seem like much work to me (especially) when you're getting paid.

    Cheers:
    DjM

  5. #15
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Fire it up Auditor, run it for MAYBE AN HOUR and deal with the results?

    First, you're assuming sundep knows TCP/IP and how to use Wireshark. So we got a learning curve in there, drive times, and jawboning with the customer. That's gonna be more than an hour.

    Second, you're assuming sundep's being paid on a callback. Likely the only reason he's doing a callback is so he gets paid for the original installation. He'll probably be lucky to get paid for following up on a complaint.

    Third, you're assuming his customers will know what he's talking about when he gives them a breakdown of the network traffic. They aren't going to know what a .cap file is. I can almost guarantee most will think he's BS'ing them around.

    Another thought, sundep: have your customers run an online AV scan like Panda or Trendmicro. The online scans pick up most spyware and it demonstrably puts the onus on the customer.

    I dread dealing with folks on dialups. I've had them insist they didn't need Windows updates because it's not on a broadband connection, therefore somehow immune. I've had them insist they were less vulnerable to viruses and spyware just because they're on a dialup. I appreciate that you need to demonstrate to some how compromised their PCs may be. No doubt, there's a lot of ways to do that, but the best way is to take it to their level.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #16
    Junior Member
    Join Date
    Sep 2006
    Posts
    5
    Hey guys, Thanks for all your help and ideas.

    I do not know everything about TCP/IP and I have never used Wireshark, but I am not afraid to learn or make an effort to try something new. I do like to spend my time wisely, so that is why I am on this forum. To find out what I should or should not do before I waste a lot of time trying. That is where all of you guys/gals and your experience helps. A big thank you to everyone for sharing.

    Brokenclaw,
    One of the problems that I have with "those dialup people" is that they think that "I am BS'ing them around." The goal of this exercise is to find a way to show the customer that there is extra traffic on their connection. Okay, I will confess that I also want to play with some new gadgets.

    I know that scanning for spyware and viruses and installing all of the updates would solve 99% of the problems, but I am just "the cable guy" and I do not want to turn into "the computer guy." Especially, not for joe homeowner. I do not even want to touch their computers. I am thinking that some basic scans should become part of the installation and that I should require the customer to perform the scans and updates before I turn on their connection.
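
The thread's goal, showing a customer the extra traffic on their connection without walking them through a .cap file, can be met by reducing a capture to bytes per remote host. The following is an added example, not code posted by anyone in the thread; the sample capture, its addresses and the function names are constructed for illustration, and the parser assumes a classic pcap file with Ethernet framing and IPv4.

```python
import socket
import struct
from collections import Counter

def _ipv4_frame(src, dst, payload_len):
    """Constructed Ethernet+IPv4 frame (sample data; checksum left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample_pcap(frames):
    """Wrap frames in a little-endian classic pcap container, linktype 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def bytes_per_remote(pcap, client_ip):
    """Counter of on-the-wire bytes per remote IPv4 host talking to client_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len:
            break                      # capture file cut off mid-record
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                   # ARP, IPv6 or too short for an IPv4 header
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        if src == client_ip:
            totals[dst] += orig_len
        elif dst == client_ip:
            totals[src] += orig_len
    return totals

CLIENT = "192.168.1.10"                # constructed address of the customer's PC
SAMPLE = build_sample_pcap([
    _ipv4_frame(CLIENT, "203.0.113.5", 100),
    _ipv4_frame("203.0.113.5", CLIENT, 500),
    _ipv4_frame(CLIENT, "198.51.100.7", 46),
    b"\xff" * 6 + b"\x04" * 6 + b"\x08\x06" + b"\x00" * 28,   # ARP, ignored
])

if __name__ == "__main__":
    for host, nbytes in bytes_per_remote(SAMPLE, CLIENT).most_common():
        print(f"{host:<16} {nbytes:>8} bytes")
```

For a real capture, pass the file's bytes and the customer's PC address in place of `SAMPLE` and `CLIENT`; a capture saved as pcapng has to be re-saved as classic pcap first.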
