What are packet sniffers and are they good or bad? Internet eavesdropping, network diagnostic and more
By Red Squirrel
Ethereal looks very scary at first, but it's very powerful and has a lot of filtering options. Below is a screenshot of the capture dialog, where you can set the options for the capture, such as filtering, how long to capture for, etc. What is nice about this one is that you can capture to files; some packet sniffers just store the capture in memory, which is very limited. With Ethereal you can leave it running for days as long as you have enough disk space to store all the captures, since they get pretty big.
Capture in progress...
Once a capture is stopped, you get the main window, where you can click on a packet and dissect it to get more information. Ethereal understands quite a few protocols, so it also gives you information based on the protocol used for that packet, such as HTTP, FTP, etc.
What's really nice is all the filter options. Also, you can follow a TCP stream, so you can see the conversation between a client and a server during that time frame, from the connection to the disconnection.
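What "follow a TCP stream" amounts to, as an added example that is not Ethereal's own code: a parser that reads a classic pcap capture file, groups TCP payloads by connection, and skips retransmitted segments. The sample capture (addresses, ports, FTP lines) is constructed for the example, and segments are assumed to arrive in order.

```python
import struct

def follow_tcp_streams(pcap):
    """Return {connection: [(side, payload), ...]} from a classic Ethernet pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    streams, client, seen, off = {}, {}, set(), 24   # 24 = global header size
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # keep only IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # ignore Ethernet padding
        tcp = frame[14 + ihl:ip_end]
        if len(tcp) < 20:
            continue                                  # truncated capture
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        a, b = (frame[26:30], sport), (frame[30:34], dport)
        key = (min(a, b), max(a, b))                  # one key for both directions
        client.setdefault(key, a)                     # assumption: first sender is the client
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload or (key, a, seq) in seen:
            continue                                  # no data, or a retransmission
        seen.add((key, a, seq))
        side = "client" if a == client[key] else "server"
        streams.setdefault(key, []).append((side, payload))
    return streams

def make_frame(src, dst, sport, dport, seq, flags, data=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + data

def sample_pcap():
    """Constructed capture: SYN, three data segments and one retransmission."""
    c, s = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80])
    frames = [make_frame(c, s, 40000, 21, 100, 0x02),
              make_frame(s, c, 21, 40000, 500, 0x18, b"220 ready\r\n"),
              make_frame(c, s, 40000, 21, 101, 0x18, b"USER demo\r\n"),
              make_frame(c, s, 40000, 21, 101, 0x18, b"USER demo\r\n"),  # retransmit
              make_frame(s, c, 21, 40000, 511, 0x18, b"331 need password\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```
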
In most cases, you would run a packet sniffer on your computer and it would sniff both incoming and outgoing packets for that computer. But on a network with a hub, you would also receive packets going to and from other computers. This is why a switched network is much more private: packets are sent to your computer only, and when you send packets they are sent only to the destination computer. So for someone to eavesdrop on you, they'd have to either plug in a computer acting as a gateway, with the sniffer, or they'd have to replace the switch with a hub and hook up the packet sniffing machine to the hub.
On the next page we'll take a closer look at how packet sniffers can be beneficial, such as in diagnosing network problems.
Latest comments (newest first)
Posted by Red Squirrel on February 02th 2005 (15:40)
Well, it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it, but I know it has to do with flooding it with a bunch of ARP packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and whatnot.
