-
Depending on budget, the market you are in, and your expertise, I would recommend either Ethereal/Wireshark (both the same) or Network General Sniffer Portable. Both you can put on a laptop and decode packets in real time, and both are very good. Sniffer Portable is not free as Wireshark is, though; we pay well over $1K for our licenses.
The above are ideal for a market of home users. If you work in a corporate environment you would have to look at solutions that fit into the data centers. We do a lot of IDS/IPS and network monitoring so in our data centers we use 1ru 50 micron optical taps from a vendor known as NetOptics. We also use Gigamon Matrix switches that feed all captured data into a sniffer (Infinistream, Niksun, whatever.)
Like I said, it depends on which market you are in, your budget, and your expertise.
But for just basic use for home customers, Wireshark or Sniffer Portable are outstanding.
--EOF
-
Just get a 4-port hub and plug the client's PC, the satellite connection and the interface you are going to sniff with into the hub. Then use Wireshark, as previously mentioned, to sniff the traffic. No need for network taps in this situation.
-
Wireshark's gonna be a lot of work. It's going to entail leaving a PC on your customer's network to monitor packets, then sorting thru those packets, and for what? Only to find out these people are infected with spyware and viruses? It's not worth it, IMHO.
If I had to do anything in your sit, I'd just get on their machine, run msconfig and pull up their startups and simply point out that there's a big part of their problem, and that there's hidden apps running beside those in all likelihood. Then, if need be, run msconfig on your own machine and compare them.
-
Quote:
Originally posted here by brokencrow
Wireshark's gonna be a lot of work.
Don't know what the big deal is:
Auditor
Fire it up, run it for MAYBE AN HOUR and deal with the results. Doesn't seem like much work to me (especially) when you're getting paid. ;)
Cheers:
-
Fire it up Auditor, run it for MAYBE AN HOUR and deal with the results?
First, you're assuming sundep knows TCP/IP and how to use Wireshark. So we got a learning curve in there, drive times, and jawboning with the customer. That's gonna be more than an hour.
Second, you're assuming sundep's being paid on a callback. Likely the only reason he's doing a callback is so he gets paid for the original installation. He'll probably be lucky to get paid for following up on a complaint.
Third, you're assuming his customers will know what he's talking about when he gives them a breakdown of the network traffic. They aren't going to know what a .cap file is. I can almost guarantee most will think he's BS'ing them around.
Another thought, sundep: have your customers run an online AV scan like Panda or Trendmicro. The online scans pick up most spyware and it demonstrably puts the onus on the customer.
I dread dealing with folks on dialups. I've had them insist they didn't need Windows updates because it's not on a broadband connection, therefore somehow immune. I've had them insist they were less vulnerable to viruses and spyware just because they're on a dialup. I appreciate that you need to demonstrate to some how compromised their PCs may be. No doubt, there's a lot of ways to do that, but the best way is to take it to their level.
-
Hey guys, thanks for all your help and ideas.
I do not know everything about TCP/IP and I have never used Wireshark, but I am not afraid to learn or make an effort to try something new. I do like to spend my time wisely, so that is why I am on this forum. To find out what I should or should not do before I waste a lot of time trying. That is where all of you guys/gals and your experience helps. A big thank you to everyone for sharing.
Brokenclaw,
One of the problems that I have with "those dialup people" is that they think that "I am BS'ing them around." The goal of this exercise is to find a way to show the customer that there is extra traffic on their connection. Okay, I will confess that I also want to play with some new gadgets.
I know that scanning for spyware and viruses and installing all of the updates would solve 99% of the problems, but I am just "the cable guy" and I do not want to turn into "the computer guy." Especially, not for joe homeowner. I do not even want to touch their computers. I am thinking that some basic scans should become part of the installation and that I should require the customer to perform the scans and updates before I turn on their connection.