Hi,
I'm looking for a packet sniffer on win2k that can capture both incoming and outgoing traffic, but I can't find anything. All I can find are sniffers that only capture incoming traffic.
Does anyone know of software that does outgoing sniffing?
Try this one, I think it will do what you want.
Cheers:
Sevari gave you a link to about the best packet sniffer available for Windows. Ethereal should provide both incoming and outgoing packet information to you...
Thank you, I'm going to try them.
You can also try WinDump, it's the Windows version of the well-known tcpdump. Ethereal is easier to use with its GUI, but it tends to crash my box, which is why I prefer WinDump.
KC
To the best of my knowledge Ethereal and WinDump rule, but they both require WinPcap, which is really no bother, but if DjM's link is as good as it looks it sure would simplify matters and save space on the HD.
Thanks DjM, I'll try it tonight on one of my home boxen.
If you don't want to bother with libpcap, see the URL noted below. This is an advanced tool in comparison with Ethereal, which is GUI driven and geared to the novice.
http://www.nextgenss.com/software/ngssniff.html
OK, I'm running it now. It really is pretty cool. It doesn't give near the info that Ethereal gives, but you don't always need all that. I like the resolve source/destination feature a lot. And for now I'm enjoying the "alarm": when packets are captured with filters in place, this could really help discover what you're looking for.
Thanks DjM, it's a keeper.
Actually I found a little tool... ngsniff... from http://www.ngsec.com/ngresearch/ngtools/ no drivers, 1 file. I use it at work a lot and have had a need for it at home as well...
ngsniff --interface 0
and it dumps to stdout... so
ngsniff --interface 0 > dmp.txt
and you get a log... full packet information... header and data...
I like it, at least.
don and g00n:
NGSsniff does not capture outgoing packets. It also makes some identifying entries in an FTP server's log.
View (ASCII mode):
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
ftp nessus org ?i%f
raccoon ns1 cis fed gov < ?i%d
P
220 ftp.nessus.org NcFTPd Server (licensed copy) ready.
331 Guest login ok, send your complete e-mail address as password.
230-You are user #1 of 50 simultaneous users allowed.
230-
230 Logged in anonymously.
501 Option not recognized.
215 UNIX Type: L8
211 Valid SITE commands are: HELP, CHMOD, QUOTA, BUFSIZE, RETRBUFSIZE, STORBUFS
IZE, SYMLINK, UMASK, UTIME.
257 "/" is cwd.
250 "/pub" is new cwd.
200 Type okay.
200 PORT command successful.
P
150 Opening ASCII mode data connection for /bin/ls.
drwxr-xr-x 2 ftpuser ftpusers 512 Mar 17 2002 filterrules
drwxrwxr-x 5 ftpuser ftpusers 512 Jun 19 2002 hlfl
drwxr-xr-x 4 ftpuser ftpusers 1024 Feb 5 23:29 nessus
drwxr-xr-x 3 ftpuser ftpusers 512 Sep 26 17:16 nessus-testing
drwxr-xr-x 2 ftpuser ftpusers 512 Aug 6 2002 nstreams
226 Listing completed.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Call me crazy, but this is something I don't like to see, no matter how nice a job it does.
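The capture above is a useful reminder that the first thing to check about any sniffer (or any tool that gets installed on a sensitive host) is what it does on the wire itself. The following is an added example, not code from this thread or from any of the tools named in it: a small Python parser that walks an ASCII view of an FTP control channel like the one posted above and summarises what the client did (server banner, whether the login was anonymous, the final working directory, the directory listing it pulled, and any error replies). The sample text is copied from the dump in the post; the line layout it assumes (one FTP reply per line, wrapped replies continuing on a bare line, Unix-style listing lines on the data channel) is an assumption about that particular tool's output, not a documented format.

```python
import re
from typing import Dict, List, Tuple

# Sample input, copied from the ASCII-mode view in the post above. Noise lines
# (separator, host names, stray "P") are kept on purpose so the parser has to
# skip them, as it would on a real dump.
SAMPLE_CAPTURE = """\
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
ftp nessus org ?i%f
raccoon ns1 cis fed gov < ?i%d
P
220 ftp.nessus.org NcFTPd Server (licensed copy) ready.
331 Guest login ok, send your complete e-mail address as password.
230-You are user #1 of 50 simultaneous users allowed.
230-
230 Logged in anonymously.
501 Option not recognized.
215 UNIX Type: L8
211 Valid SITE commands are: HELP, CHMOD, QUOTA, BUFSIZE, RETRBUFSIZE, STORBUFS
IZE, SYMLINK, UMASK, UTIME.
257 "/" is cwd.
250 "/pub" is new cwd.
200 Type okay.
200 PORT command successful.
P
150 Opening ASCII mode data connection for /bin/ls.
drwxr-xr-x 2 ftpuser ftpusers 512 Mar 17 2002 filterrules
drwxrwxr-x 5 ftpuser ftpusers 512 Jun 19 2002 hlfl
drwxr-xr-x 4 ftpuser ftpusers 1024 Feb 5 23:29 nessus
drwxr-xr-x 3 ftpuser ftpusers 512 Sep 26 17:16 nessus-testing
drwxr-xr-x 2 ftpuser ftpusers 512 Aug 6 2002 nstreams
226 Listing completed.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

# An FTP reply is a three-digit code, then a space (last line) or a hyphen
# (more lines of a multi-line reply follow), then free text.
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
# A Unix-style directory listing line as sent over the data channel:
# perms links owner group size month day year-or-time name
LISTING_RE = re.compile(
    r"^[-dl][rwxsStT-]{9}\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\d+\s+\S+\s+(\S.*)$"
)


def summarize_ftp_session(capture: str) -> Dict[str, object]:
    """Walk a captured FTP control/data channel and report what the client did."""
    replies: List[Tuple[int, str]] = []
    listing: List[str] = []
    banner = None
    current_dir = None
    for raw in capture.splitlines():
        line = raw.strip()
        m = REPLY_RE.match(line)
        if m:
            code, _sep, text = m.groups()
            replies.append((int(code), text))
            if code == "220" and banner is None:
                banner = text            # first 220 is the server greeting
            elif code in ("250", "257"):
                q = re.search(r'"([^"]*)"', text)
                if q:
                    current_dir = q.group(1)   # PWD / CWD report the directory in quotes
            continue
        lm = LISTING_RE.match(line)
        if lm:
            listing.append(lm.group(1))
        # Anything else is a wrapped continuation of a long reply or tool noise.
    codes = [c for c, _ in replies]
    # 331 "Guest login ok" followed by a 230 means the server accepted anonymous FTP.
    anonymous = any(c == 331 and "guest" in t.lower() for c, t in replies) and 230 in codes
    return {
        "server_banner": banner,
        "anonymous_login": anonymous,
        "final_cwd": current_dir,
        "listing": listing,
        "reply_codes": codes,
        "errors": [(c, t) for c, t in replies if c >= 400],
    }


if __name__ == "__main__":
    for key, value in summarize_ftp_session(SAMPLE_CAPTURE).items():
        print(f"{key}: {value}")
```

Run against the posted dump it reports an anonymous login to ftp.nessus.org, a change into /pub and a listing of five directories, which is exactly the kind of unexpected outbound activity that leaves a host name in someone else's server log. The same parser can be pointed at any text export of a capture to confirm, before deployment, that a tool stays quiet on the network.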