Hi
I'd like to know if a sniffer can get and save ALL the info sent by a server, and not only what this server sends to you, and if it can be done, how? (I tried with Ethereal but got no conclusion...)
ThAnK YoU FoR Ur TiMe
Yes it can (and Ethereal can as well). The best way is to ensure that your network card is in promiscuous mode (WinPcap for Windows and libpcap for Linux will help with this). tcpdump (windump) are considered amongst the best, fastest sniffers out there. The best way to tell is when you see traffic being received or sent to an IP other than yours.
However, keep in mind it will only pick up what's on the subnet you are on, behind a specific device like a router. (MsM goes into teaching mode: Routers do not pass broadcast packets.) So if you are behind a router, it will only pick up traffic in your household.
One last thing, in some countries it is ILLEGAL to do sniffing (and collect passwords -- in Canada it is against the Criminal Code and can get you a nasty sentence of 5 years) and I can pretty much guarantee that your ISP will not like you sniffing the network. They can find out as promiscuous cards tend to be noisy. Some things to keep in mind.
I think a little:
tcpdump -t src host ip_of_the_server
would be sufficient for what you want.
And in Ethereal, you simply have to set up a filter.
But if you are talking about a server on the Internet (which is not on your internal network), sniffing it will not be really useful.
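What the `src host` filter above selects, as an added example that is not code from the thread: a minimal reader for classic pcap files that keeps the IPv4 frames whose source address is the server. The capture bytes, addresses and function names are constructed for illustration; a frame that never reached the capturing interface is simply absent from the file, so the filter cannot show it.

```python
import socket
import struct

# Constructed documentation-range addresses: the server, this host, another client.
SERVER, ME, OTHER = "192.0.2.10", "198.51.100.5", "198.51.100.7"

def build_pcap(packets):
    """Build a constructed classic-pcap capture (Ethernet link type) in memory."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, (src, dst, payload) in enumerate(packets):
        # Minimal IPv4 header; checksum is 0 and the payload is opaque bytes,
        # because the reader below only inspects addresses and total length.
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         17, 0, socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + ip + payload
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def frames_from_src(pcap_bytes, src_ip):
    """Return (dst_ip, ip_total_length) for each IPv4 frame sent by src_ip."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"            # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"            # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl = struct.unpack_from(endian + "IIII", pcap_bytes, off)[2]
        frame = pcap_bytes[off + 16: off + 16 + incl]
        off += 16 + incl
        # Skip truncated frames and anything that is not plain IPv4
        # (VLAN-tagged frames are not handled in this example).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        if socket.inet_ntoa(frame[26:30]) == src_ip:
            total_len = struct.unpack_from("!H", frame, 16)[0]
            hits.append((socket.inet_ntoa(frame[30:34]), total_len))
    return hits

SAMPLE = build_pcap([(SERVER, ME, b"to-me"), (OTHER, SERVER, b"req"),
                     (SERVER, OTHER, b"to-other")])

if __name__ == "__main__":
    for dst, size in frames_from_src(SAMPLE, SERVER):
        print(f"{SERVER} > {dst}: {size} bytes")
```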