-
January 26th, 2009, 10:26 AM
#1
Member
Network traffic sniffer and monitoring
Hi,
I run a pretty basic Windows network sharing an ADSL connection. I am looking for an effective and easy method to track network traffic IN and OUT of the network - basically all internet traffic. I want to see the source and destination, the amount of time connected and the amount of traffic, the type of traffic.
How can I do this? I have heard of ethereal - will this work for me? I want to be able to run it from a workstation but only I have access to view the logs.
All IP addies are NATted but I still want to see source and destination.
Possible?
Thanks for help.
.....I rather not say....
-
January 26th, 2009, 05:28 PM
#2
http://www.opendns.com/
May be what you're looking for. Not sure how great the reporting is.
Privoxy (comes with Tor) - depends on your level of expertise.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
January 26th, 2009, 06:21 PM
#3
Ethereal will do the job.
Easy to use. Nice filter capabilities.
Easy to read output.
csr
In God We Trust....Everything else we backup.
-
January 26th, 2009, 06:32 PM
#4
CSR -
Ethereal is now Wireshark:
http://www.wireshark.org/download.html
But you're right... probably the best for this application
Above ground, vertical, and exchanging gasses.
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
-
January 26th, 2009, 06:57 PM
#5
BB,
Guess my grey thinning hair is showing again. Any significant enhancements with wireshark or just a re-branding?
In God We Trust....Everything else we backup.
-
January 26th, 2009, 07:41 PM
#6
Hi there CSR,
It was literally a re-branding and nothing more, but the project is still alive and kicking.
In June 2006 the project was renamed from Ethereal due to trademark issues.
"Lawyers, accountants and other reptiles"?
-
January 26th, 2009, 10:40 PM
#7
Originally Posted by Cheap Scotch Ron
BB,
Guess my grey thinning hair is showing again. Any significant enhancements with wireshark or just a re-branding?
Just grow a beard to match it and call yourself a "Unix Guru" and everyone will love you
And Wireshark / Ethereal as far as I know was originally just a name change, but I'm sure they've changed a few things by now.
Port Sniffing and things on Windows has always been a hassle for me. I generally like these tools for network toying:
IPTraf (Linux / BSD)
Wireshark
Hydra (Linux / BSD)
IPSorcery (Linux / BSD)
Hping / Hping 2 (Linux / BSD)
tcpdump (Linux / BSD)
Those have become incredibly useful to me.
-
January 27th, 2009, 12:07 AM
#8
Actually that was "Lawyers and other reptiles"
http://www.amazon.com/Lawyers-Other-.../dp/0809239191
And Wireshark / Ethereal as far as I know was originally just a name change, but I'm sure they've changed a few things by now.
Yeah, as I heard it was just some sort of legal crap?
-
January 27th, 2009, 12:10 PM
#9
Junior Member
Hey guys,
I know that this is probably a very newbie question to ask and I apologise if the answer is obvious and it's just me that can't see it; but if bradlesliect has all the machines on his network connected to a router/switch, which I'm assuming he does, then if he uses Wireshark on one of those machines, wouldn't he need to combine this with some kind of ARP poisoning to enable himself to see all of the network traffic, unlike if they were all connected to a hub?
I have used Wireshark in the past and, as I remember, the version I used didn't have the facility to ARP poison; it just sniffed packets straight from the NIC. Thus, any ARP poisoning had to be done with another program. Also, if bradlesliect were to use Wireshark with ARP poisoning, wouldn't that have the potential to cause a huge bottleneck in network traffic, depending on the volume of traffic?
Again, I apologise if I am mistaken; I'm sure you guys are right and bradlesliect can use Wireshark. I'm just trying to learn, and get my head around some of these things. Thanks in advance, if anyone can set me straight.
regards,
- threads
Last edited by Threads; January 27th, 2009 at 12:13 PM.
-
January 27th, 2009, 03:31 PM
#10
If you do not run in promiscuous mode (PM), you will only see traffic for your MAC address. However, PM only works if packets are being broadcast to all addresses on the LAN. A switch will isolate traffic. Also, some NIC cards won't support PM. Here's a decent primer on how to work around this issue...
http://www.irongeek.com/i.php?page=s...ntrotoSniffers
csr
In God We Trust....Everything else we backup.
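The point made in post #10, that a switch isolates traffic so a capture NIC in promiscuous mode still sees very little, shown as an added illustration that is not part of the original thread. The hub and MAC-learning switch models, the MAC addresses, the port numbers and the frame list are all constructed assumptions.

```python
# Added illustration: which frames reach a capture port on a hub vs. a learning switch.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)
    def forward(self, in_port, src, dst):
        return self.ports - {in_port}

class LearningSwitch(Hub):
    """Learns source MAC -> port; floods only broadcast and unknown unicast."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}
    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port              # learn where src lives
        if dst == BROADCAST or dst not in self.mac_table:
            return self.ports - {in_port}          # flood to all other ports
        out = self.mac_table[dst]
        return set() if out == in_port else {out}  # deliver to one port only

def frames_seen(device, frames, sniffer_port):
    """Indices of frames delivered to sniffer_port (NIC in promiscuous mode)."""
    return [i for i, (port, src, dst) in enumerate(frames)
            if sniffer_port in device.forward(port, src, dst)]

# Constructed sample traffic: (ingress port, source MAC, destination MAC).
PC_A, PC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
ROUTER, SNIFFER = "02:00:00:00:00:01", "02:00:00:00:00:99"
PORTS = [1, 2, 3, 4]            # sniffer workstation is on port 4
FRAMES = [
    (1, PC_A, BROADCAST),       # 0: ARP request, flooded everywhere
    (3, ROUTER, PC_A),          # 1: reply, PC_A already learned
    (1, PC_A, ROUTER),          # 2: PC_A internet traffic out
    (3, ROUTER, PC_A),          # 3: response to PC_A
    (3, ROUTER, PC_B),          # 4: PC_B not learned yet -> unknown unicast flood
    (2, PC_B, ROUTER),          # 5: PC_B speaks, switch learns it
    (4, SNIFFER, ROUTER),       # 6: sniffer's own outbound frame
    (3, ROUTER, SNIFFER),       # 7: response to the sniffer itself
]

if __name__ == "__main__":
    print("hub   :", frames_seen(Hub(PORTS), FRAMES, 4))
    print("switch:", frames_seen(LearningSwitch(PORTS), FRAMES, 4))
```

On the hub the capture port receives every other host's frames; on the switch it receives only the broadcast, the one flooded unknown-unicast frame, and traffic addressed to itself.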