I have a question about sniffing. I know you are able to see what goes in and out of a NIC on a specific, but with a sniffer program, can you see everything going across the whole LAN?
-Mike
On a LAN connected with a hub, all packets are seen by all network interfaces. The packets are discarded or passed up the line based initially on the destination MAC address, and then IP address. (Switches have the ability to filter traffic so that each interface only sees traffic directed for it specifically, so if you are on a switched LAN, you may not be able to see all that other traffic.)
So, what a packet sniffer can do is put the network interface into promiscuous mode, meaning, telling the TCP/IP stack to pass all traffic to that application (the packet sniffer) instead of discarding the traffic which is not meant specifically for that network interface. Some packet sniffers, however, don't have this capability, though most do.
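The hub-versus-switch behaviour described in the post above, as an added example that is not part of the original thread: a toy model of frame delivery in which a third host listens in normal or promiscuous mode. The class names, MAC addresses and payloads are constructed for illustration, and the switch is assumed to be a simple learning switch.

```python
# Added illustration: toy model of frame delivery on a hub vs. a learning switch.
# All MAC addresses and payloads below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Nic:
    def __init__(self, mac, promiscuous=False):
        self.mac = mac
        self.promiscuous = promiscuous
        self.delivered = []  # frames handed up to the host

    def receive(self, frame):
        _src, dst, _payload = frame
        # Normal mode keeps only frames addressed to this NIC or to broadcast.
        if self.promiscuous or dst in (self.mac, BROADCAST):
            self.delivered.append(frame)

class Hub:
    def __init__(self, nics):
        self.ports = list(nics)

    def send(self, frame, ingress):
        # A hub repeats every frame out of every other port.
        for nic in self.ports:
            if nic is not ingress:
                nic.receive(frame)

class Switch(Hub):
    def __init__(self, nics):
        super().__init__(nics)
        self.table = {}  # learned source MAC -> port (modelled as the NIC)

    def send(self, frame, ingress):
        src, dst, _payload = frame
        self.table[src] = ingress
        target = self.table.get(dst)
        if target is None:  # broadcast or not yet learned: flood like a hub
            super().send(frame, ingress)
        elif target is not ingress:
            target.receive(frame)

def run(device_cls, promiscuous):
    """Return the payloads that host c's NIC passes up the stack."""
    a, b = Nic("02:00:00:00:00:0a"), Nic("02:00:00:00:00:0b")
    c = Nic("02:00:00:00:00:0c", promiscuous)
    dev = device_cls([a, b, c])
    dev.send((b.mac, BROADCAST, "arp"), b)  # b announces itself
    dev.send((a.mac, b.mac, "hello b"), a)  # unicast from a to b
    return [payload for _, _, payload in c.delivered]
```

On the hub, host c only sees the unicast frame when its NIC is promiscuous; on the switch the frame never reaches c's port, so the mode makes no difference.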
There is a long explanation for this and 123(IchNiSan) hit the nail on the head. But even if you have a switched network you could conceivably sniff all of the traffic depending on how it is set up.
Is there a more specific question, maybe? I could write an entire book on the procedures, but if you are looking for something specific it sure would help narrow the possibilities down a bit....
I'm kind of a newbie to networking, but I have a router, so does that mean if I got the right packet sniffer and put it into promiscuous mode, I can see everything? Is there a good packet sniffer that you could recommend?
-Mike
Ethereal is great for Windows, I am not sure what the site is. I'd like to get it for Linux, but I'm having dependency problems. Anyone know where I can get libcrypto.so.2? I believe it is part of ssl. I tried to get an ssl package, but it would have messed up lots of files that were depended on.
libcrypto is part of ssl, and is installed by default on recent versions of RedHat, Mandrake and SuSE, and I imagine on others I haven't worked with as well.
I ran into this same problem installing Ethereal on my RedHat machine; it was looking for an older version of libcrypto than I had, which messed it up. Of course I figured out that Ethereal is included on the RedHat CDs, and I used their little installer thing and it worked fine.
Shkuey: I have RHL 7.1, but the free (downloaded) version. I am updating to RHL 7.3, will that have libcrypto? I found a package w/ it, but like I said, it had tons of dep. problems.
Click here: http://www.robertgraham.com/pubs/sni...q.html#tcpdump
Is RHL a command-line OS? Because I know that some other versions/creators of Linux had a screenshot on their webpage, and it looked similar to Windows.
-Mike
Um... RedHat isn't "a command line o/s", but it does have a command line interface. Any Linux distribution can be a command line o/s if you just don't install Xwindows. The pictures you saw were probably either KDE or Gnome, which are the two most popular forms of Xwindows.