Network traffic sniffer and monitoring
  1. #1 bradlesliect (Member)

    Question: Network traffic sniffer and monitoring

    Hi,

    I run a pretty basic Windows network sharing an ADSL connection. I am looking for an effective and easy method to traffic network traffic IN and OUT of the network - basically all internet traffic. I want to see the source and destination, the amount of time connected and the amount of traffic, the type of traffic.

    How can I do this? I have heard of ethereal - will this work for me? I want to be able to run it from a workstation but only I have access to view the logs.

    All IP addies are NATted but I still want to see source and destination.

    Possible?

    Thanks for help.
    .....I rather not say....

  2. #2 dinowuff (THE Bastard Sys*****)
    http://www.opendns.com/

    May be what you're looking for. Not sure how great the reporting is.

    Privoxy (comes with tor) - depends on your level of expertise.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #3 Cheap Scotch Ron (AO's Filibustier)
    Ethereal will do the job.
    Easy to use. Nice filter capabilities.
    Easy to read output.

    csr
    In God We Trust....Everything else we backup.

  4. #4 11001001 (BS, EnCE, ACE, Cellebrite)
    CSR -

    Ethereal is now Wireshark:

    http://www.wireshark.org/download.html

    But you're right... probably the best for this application
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  5. #5 Cheap Scotch Ron (AO's Filibustier)
    BB,

    Guess my grey thinning hair is showing again. Any significant enhancements with wireshark or just a re-branding?
    In God We Trust....Everything else we backup.

  6. #6 nihil (Super Moderator: GMT Zone)
    Hi there CSR,

    It was literally a re-branding and nothing more, but the project is still alive and kicking

    In June 2006 the project was renamed from Ethereal due to trademark issues.
    "Lawyers, accountants and other reptiles"?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7 gore (AO BOFH: Luser Abuser BModeratorFH)
    Quote Originally Posted by Cheap Scotch Ron:
    BB,

    Guess my grey thinning hair is showing again. Any significant enhancements with wireshark or just a re-branding?
    Just grow a beard to match it and call yourself a "Unix Guru" and everyone will love you

    And Wireshark / Ethereal as far as I know was originally just a name change, but I'm sure they've changed a few things by now.

    Port Sniffing and things on Windows has always been a hassle for me. I generally like these tools for network toying:

    IPTraff (Linux, BSD)
    WireShark
    Hydra (Linux / BSD)
    IPSorcery (Linux / BSD)
    Hping / Hping 2 (Linux / BSD)
    tcpdump (Linux / BSD)

    Those have become incredibly useful to me.
    Kill the lights, let the candles burn behind the pumpkins' mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits
    FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  8. #8 nihil (Super Moderator: GMT Zone)
    Actually that was "Lawyers and other reptiles"

    http://www.amazon.com/Lawyers-Other-.../dp/0809239191

    And Wireshark / Ethereal as far as I know was originally just a name change, but I'm sure they've changed a few things by now.
    Yeah, as I heard it was just some sort of legal crap?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9 Threads (Junior Member)
    Hey guys,

    I know that this is probably a very newbie question to ask and I apologise if the answer is obvious and it's just me that can't see it; but if bradlesliect has all the machines on his network connected to a router/switch, which I'm assuming he does, then if he uses Wireshark on one of those machines, wouldn't he need to combine this with some kind of ARP poisoning to enable himself to see all of the network traffic, unlike if they were all connected to a hub?

    I have used Wireshark in the past and, as I remember, the version I used didn't have the facility to ARP poison; it just sniffed packets straight from the NIC. Thus, any ARP poisoning had to be done with another program. Also, if bradlesliect were to use Wireshark with ARP poisoning, wouldn't that have the potential to cause a huge bottleneck in network traffic, depending on the volume of traffic?

    Again, I apologise if I am mistaken; I'm sure you guys are right and bradlesliect can use Wireshark. I'm just trying to learn, and get my head around some of these things. Thanks in advance, if anyone can set me straight.


    regards,

    - threads
    Last edited by Threads; January 27th, 2009 at 11:13 AM.

  10. #10 Cheap Scotch Ron (AO's Filibustier)
    If you do not run in promiscuous mode (PM), you will only see traffic for your MAC address. However, PM only works if packets are being broadcast to all addresses on the LAN. A switch will isolate traffic. Also, some NIC cards won't support PM. Here's a decent primer on how to work around this issue...

    http://www.irongeek.com/i.php?page=s...ntrotoSniffers

    csr
    In God We Trust....Everything else we backup.
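    The original poster asked for source, destination, time connected, volume and type of traffic; once capture itself is working (promiscuous mode on a hub, or a monitoring position on the switch, as csr's primer covers), the raw packets still have to be rolled up per connection. The script below is an added example, not code from anyone in this thread: it parses constructed `tcpdump -nn -tt` style lines (the IP addresses and timestamps are made up) and aggregates them into flows with client, server, guessed service, duration and bytes in each direction. The "lower port is the server" rule and the port-to-service table are simplifying assumptions, not a protocol decode.

```python
import re

# Constructed sample in the shape of `tcpdump -nn -tt` output (not a real capture).
SAMPLE = """\
1233054000.100000 IP 192.168.1.10.52344 > 93.184.216.34.80: Flags [S], seq 1, win 8192, length 0
1233054000.150000 IP 93.184.216.34.80 > 192.168.1.10.52344: Flags [S.], seq 9, ack 2, win 65535, length 0
1233054000.160000 IP 192.168.1.10.52344 > 93.184.216.34.80: Flags [P.], seq 2:402, ack 10, win 8192, length 400
1233054002.900000 IP 93.184.216.34.80 > 192.168.1.10.52344: Flags [P.], seq 10:1510, ack 402, win 65535, length 1500
1233054001.000000 IP 192.168.1.11.53001 > 192.168.1.1.53: 1234+ A? example.com. (29)
"""

# Service guess by well-known port (assumption: heuristic only, no payload inspection).
SERVICE_BY_PORT = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 110: "pop3", 443: "https"}

LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                     r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$")
LEN_RE = re.compile(r"length (\d+)$|\((\d+)\)$")  # TCP "length N" or UDP "(N)"

def parse_line(line):
    """Return (ts, src, sport, dst, dport, payload_len) or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    n = LEN_RE.search(m["rest"])
    length = int(n.group(1) or n.group(2)) if n else 0
    return (float(m["ts"]), m["src"], int(m["sport"]), m["dst"], int(m["dport"]), length)

def summarize(text):
    """Roll packets up into flows keyed by (client, server) endpoint pairs."""
    flows = {}
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        ts, src, sport, dst, dport, length = pkt
        # Assume the side with the lower port is the server; ephemeral client ports are high.
        outbound = sport > dport
        client, server = ((src, sport), (dst, dport)) if outbound else ((dst, dport), (src, sport))
        f = flows.setdefault((client, server), {
            "client": client[0], "server": server[0],
            "service": SERVICE_BY_PORT.get(server[1], str(server[1])),
            "first": ts, "last": ts, "packets": 0, "bytes_out": 0, "bytes_in": 0})
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
        f["packets"] += 1
        f["bytes_out" if outbound else "bytes_in"] += length
    for f in flows.values():
        f["duration"] = round(f["last"] - f["first"], 6)
    return list(flows.values())

if __name__ == "__main__":
    for f in summarize(SAMPLE):
        print(f"{f['client']} -> {f['server']} {f['service']:6} {f['duration']:6.3f}s "
              f"out={f['bytes_out']} in={f['bytes_in']} pkts={f['packets']}")
```

    Feed it a real `tcpdump -nn -tt` log instead of SAMPLE to get the per-connection view the poster described; lines tcpdump prints in other formats (ARP, ICMP) are skipped rather than miscounted.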
