-
January 26th, 2009 09:26 AM
#1
Member
Network traffic sniffer and monitoring
Hi,
I run a pretty basic Windows network sharing an ADSL connection. I am looking for an effective and easy method to track network traffic IN and OUT of the network - basically all internet traffic. I want to see the source and destination, the amount of time connected, the amount of traffic and the type of traffic.
How can I do this? I have heard of ethereal - will this work for me? I want to be able to run it from a workstation but only I have access to view the logs.
All IP addies are NATted but I still want to see source and destination.
Possible?
Thanks for help.
.....I rather not say....
-
January 26th, 2009 04:28 PM
#2
http://www.opendns.com/
May be what you're looking for. Not sure how great the reporting is.
Privoxy (comes with Tor) - depends on your level of expertise.
09:F9:11:02:9D:74:E3:5B  8:41:56:C5:63:56:88:C0
-
January 26th, 2009 05:21 PM
#3
Ethereal will do the job.
Easy to use. Nice filter capabilities.
Easy to read output.
csr
In God We Trust....Everything else we backup.
-
January 26th, 2009 05:32 PM
#4
CSR -
Ethereal is now Wireshark:
http://www.wireshark.org/download.html
But you're right... probably the best for this application
That's Officer 11001001 to you...
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
-
January 26th, 2009 05:57 PM
#5
BB,
Guess my grey thinning hair is showing again. Any significant enhancements with wireshark or just a re-branding?
In God We Trust....Everything else we backup.
-
January 26th, 2009 06:41 PM
#6
Hi there CSR,
It was literally a re-branding and nothing more, but the project is still alive and kicking.
In June 2006 the project was renamed from Ethereal due to trademark issues.
"Lawyers, accountants and other reptiles"?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
-
January 26th, 2009 09:40 PM
#7
Originally Posted by Cheap Scotch Ron:
BB,
Guess my grey thinning hair is showing again. Any significant enhancements with wireshark or just a re-branding?
Just grow a beard to match it and call yourself a "Unix Guru" and everyone will love you.
And Wireshark / Ethereal as far as I know was originally just a name change, but I'm sure they've changed a few things by now.
Port sniffing and things on Windows have always been a hassle for me. I generally like these tools for network toying:
IPTraf (Linux, BSD)
Wireshark
Hydra (Linux / BSD)
IPSorcery (Linux / BSD)
Hping / Hping 2 (Linux / BSD)
tcpdump (Linux / BSD)
Those have become incredibly useful to me.
-
January 26th, 2009 11:07 PM
#8
Actually that was "Lawyers and other reptiles"
http://www.amazon.com/Lawyers-Other-.../dp/0809239191
And Wireshark / Ethereal as far as I know was originally just a name change, but I'm sure they've changed a few things by now.
Yeah, as I heard it, it was just some sort of legal crap?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
-
January 27th, 2009 11:10 AM
#9
Junior Member
Hey guys,
I know that this is probably a very newbie question to ask, and I apologise if the answer is obvious and it's just me that can't see it; but if bradlesliect has all the machines on his network connected to a router/switch, which I'm assuming he does, then if he uses Wireshark on one of those machines, wouldn't he need to combine this with some kind of ARP poisoning to enable himself to see all of the network traffic, unlike if they were all connected to a hub?
I have used Wireshark in the past and, as I remember, the version I used didn't have the facility to ARP poison; it just sniffed packets straight from the NIC. Thus, any ARP poisoning had to be done with another program. Also, if bradlesliect were to use Wireshark with ARP poisoning, wouldn't that have the potential to cause a huge bottleneck in network traffic, depending on the volume of traffic?
Again, I apologise if I am mistaken; I'm sure you guys are right and bradlesliect can use Wireshark. I'm just trying to learn and get my head around some of these things. Thanks in advance, if anyone can set me straight.
regards,
- threads
Last edited by Threads; January 27th, 2009 at 11:13 AM.
-
January 27th, 2009 02:31 PM
#10
If you do not run in promiscuous mode (PM), you will only see traffic for your MAC address. However, PM only works if packets are being broadcast to all addresses on the LAN. A switch will isolate traffic. Also, some NIC cards won't support PM. Here's a decent primer on how to work around this issue...
http://www.irongeek.com/i.php?page=s...ntrotoSniffers
csr
In God We Trust....Everything else we backup.
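As an added example (not code from any poster in this thread), the Python script below parses a classic pcap file, the format tcpdump and Wireshark save captures in, and reduces it to the per-connection view the original post asked for: source, destination, protocol, bytes transferred and time connected. It works on a saved capture, so the point made above about where the capture is taken (switch vs hub, promiscuous mode) is unchanged; the capture it reads is constructed inline from private 192.168.1.x addresses and the documentation address 203.0.113.5, and it uses only the standard library.

```python
import socket, struct

def iter_packets(pcap: bytes):
    """Yield (timestamp_seconds, frame_bytes) from a little-endian classic pcap byte string."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4 or struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected a little-endian pcap of Ethernet frames (LINKTYPE_ETHERNET)")
    off = 24                                              # skip the 24-byte global header
    while off + 16 <= len(pcap):                          # 16-byte record header per packet
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        yield sec + usec / 1e6, pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def conversation_key(frame: bytes):
    """Direction-independent (endpoint, endpoint, protocol) key for an IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4                      # Ethernet header + IPv4 IHL
    proto, sport, dport = frame[23], 0, 0
    if proto in (6, 17) and len(frame) >= l4 + 4:         # only TCP/UDP carry ports
        sport, dport = struct.unpack_from("!HH", frame, l4)
    a, b = (socket.inet_ntoa(frame[26:30]), sport), (socket.inet_ntoa(frame[30:34]), dport)
    return (min(a, b), max(a, b), {6: "TCP", 17: "UDP", 1: "ICMP"}.get(proto, str(proto)))

def summarise(pcap: bytes) -> dict:
    """Per conversation: packet count, bytes on the wire and time connected (seconds)."""
    flows = {}
    for ts, frame in iter_packets(pcap):
        key = conversation_key(frame)
        if key is not None:
            f = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts})
            f["packets"] += 1
            f["bytes"] += len(frame)
            f["duration"] = ts - f["first"]               # capture records are in time order
    return flows

def _frame(src, dst, sport, dport, proto, payload):       # constructed test frame, zero MACs/checksums
    l4 = (struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5010, 65535, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0x4000, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4 + payload

def sample_capture() -> bytes:                            # constructed pcap: one web fetch, one DNS query
    frames = [(100.0, _frame("192.168.1.10", "203.0.113.5", 50000, 80, 6, b"GET / HTTP/1.0\r\n\r\n")),
              (100.25, _frame("203.0.113.5", "192.168.1.10", 80, 50000, 6, b"X" * 500)),
              (100.5, _frame("192.168.1.10", "192.168.1.1", 53001, 53, 17, bytes(32)))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # magic, v2.4, tz, sigfigs, snaplen, Ethernet
    for ts, fr in frames:
        out += struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(fr), len(fr)) + fr
    return out
```

Against a real file, call `summarise(open("capture.pcap", "rb").read())`; VLAN-tagged frames, IPv6, big-endian pcap and pcapng are deliberately not handled here.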