What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostic and more
By Red Squirrel


Ethereal looks very scary at first, but it's very powerful and has a lot of filtering options. Below is a screenshot of the capture dialog, where you can set the options for the capture, such as filtering and how long to capture for. What is nice about this one is that you can have it write the capture to files; some packet sniffers just store the capture in memory, which is very limited. With Ethereal you can leave a capture running for days, as long as you have enough disk space to store all the captures, since they get pretty big.

Capture settings


Capture in progress...

Live capture undergoing


Once a capture is stopped, you get the main window, where you can click on a packet and dissect it to get more information. Ethereal understands quite a few protocols, so it also gives you information based on the protocol used for that packet, such as HTTP or FTP.

Main window


What's really nice is all the filter options. You can also follow a TCP stream, so you can see the conversation between a client and a server during that time frame, from the connection to the disconnection.

In most cases, you would run a packet sniffer on your own computer, where it sniffs the packets coming into and going out of that computer. On a network built around a hub, however, you would also receive packets going to and from other computers. This is why a switched network is much more private: packets are sent to your computer only, and the packets you send go only to the destination computer. For someone to eavesdrop on you, they would have to either plug in a computer that acts as a gateway and runs the sniffer, or replace the switch with a hub and hook the packet-sniffing machine up to that hub.
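A check a defender can run over a capture taken on their own machine, as an added example that is not part of the original article: it counts unicast frames exchanged between two other hosts, which a working switch should rarely deliver to your port. The MAC addresses, sample frames and the 5% threshold are constructed assumptions.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame: dst, src, type, payload."""
    return dst + src + ethertype.to_bytes(2, "big") + payload

def classify(raw, my_mac):
    """Label one captured frame by who it was addressed to."""
    if len(raw) < 14:                  # shorter than an Ethernet header
        return "runt"
    dst, src = raw[0:6], raw[6:12]
    if dst == BROADCAST:
        return "broadcast"             # every port sees these, even on a switch
    if dst[0] & 0x01:                  # group bit set: multicast
        return "multicast"
    if dst == my_mac or src == my_mac:
        return "mine"
    return "foreign"                   # unicast between two other hosts

def summarize(frames, my_mac):
    return Counter(classify(f, my_mac) for f in frames)

def looks_like_hub(frames, my_mac, threshold=0.05):
    """True when foreign unicast exceeds the (assumed) threshold share.
    A switch floods a few frames before it learns a MAC, so a small
    share of foreign frames is normal on a switched port."""
    counts = summarize(frames, my_mac)
    total = sum(counts.values()) - counts["runt"]
    return total > 0 and counts["foreign"] / total > threshold

# Constructed sample data (locally administered MAC addresses).
ME, A, B = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02"), mac("02:00:00:00:00:03")
MCAST = mac("01:00:5e:00:00:fb")
SWITCHED = [frame(ME, A), frame(A, ME), frame(BROADCAST, B), frame(MCAST, B)]
HUBBED = SWITCHED + [frame(A, B), frame(B, A), frame(A, B)]

if __name__ == "__main__":
    for name, capture in (("switched", SWITCHED), ("hubbed", HUBBED)):
        print(name, dict(summarize(capture, ME)), looks_like_hub(capture, ME))
```
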

On the next page we'll take a closer look at how packet sniffers can be beneficial, such as in diagnosing network problems.




Latest comments (newest first)
Posted by Red Squirrel on February 02th 2005 (14:40)
Well, it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it, but I know it has to do with flooding it with a bunch of ARP packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and whatnot.
© Copyright 2010 Ryan Auclair/IceTeks, All rights reserved