That sniffer stuff..

[Vegito]

I guess it's time for me to get into network sniffering...

basically I like to know how much and where the traffic on our LAN..

so I have 7 routers, each router goes to a different place

I'm assumsing I can use any sniffer program and see where everyone is hitting ?

Know any good ones besides the MS one ? thanks

 

[ScottMac]

NAI Sniffer Pro does a great job for a non-dedicated system. In the Linux environment, Ethereal seems to be pretty popular.

Remember, if you connect to a switch, you either have to tell the switch to "mirror" the traffic from the designated port to the port being montiored, or connect an intermediate HUB. Since switches work as point-to-point connections (bridges), the only traffic you'd see from a non-mirrored port would be broadcasts and multicasts (and traffic sent specifically to the monitoring machine).

So, if the switch doesn't support port mirroring (whatever that particular switch manufacturer calls that function), connect a crossover cable between the switch and a small hub, then a straight-through from the hub to the router (or wherever). Then plug the analyzer into the same hub, and you can monitor the traffic on that link.

Good Luck

Scott

 

[Z_Amon]

Ethereal is also available as a Win32 program - I use it on my laptop for demonstration and portable network testing. Highly recommended as a freeware program, but remember to have a decent processor and a good chunk of RAM to play with (My rig is a 700 with 256 MB running Win2k).

If you can spend money, WildPackets' Etherpeek is on the cheaper end, then you can move up to the really expensive stuff. Entirely IMO, try Ethereal, and if you find that you really need a sniffer- and you figure out how to use it effectively - consider Etherpeek or one of its competitors. I believe there's a demo on the Wildpackets site, but most people who have used it aren't happy with the demo - their traffic goes past the demo buffer inside of a few seconds on larger networks. (oops).

Z.

 

[n0cmonkey]

ethereal is the only one I really bother with. tcpdump for more simple things though.

 

[wuboy]

<< Ethereal is also available as a Win32 program - I use it on my laptop for demonstration and portable network testing. Highly recommended as a freeware program, but remember to have a decent processor and a good chunk of RAM to play with (My rig is a 700 with 256 MB running Win2k). >>



How can you get Ethereal to work on win32? i installed it, and additionally, i had to install something called winpcap which is required for the program to run.

the problem i have with it is that it doesnt let me select an interface to capture. at the dropdown, the list is empty.

i havent tried yet on my linux box, but will do that later...

thanks all for all your help!

Z - i would like to ask you more about network security info, but ur email isnt listed in ur profile... would it be ok to let me contact you? thanks!

 

[n0cmonkey]

<<

<< Ethereal is also available as a Win32 program - I use it on my laptop for demonstration and portable network testing. Highly recommended as a freeware program, but remember to have a decent processor and a good chunk of RAM to play with (My rig is a 700 with 256 MB running Win2k). >>



How can you get Ethereal to work on win32? i installed it, and additionally, i had to install something called winpcap which is required for the program to run. >>



Winpcap is the Win32 port of libpcap.



<< the problem i have with it is that it doesnt let me select an interface to capture. at the dropdown, the list is empty. >>



I havent tried it on a Windows machine, but maybe Ill play with it later today.



<< i havent tried yet on my linux box, but will do that later... >>



Its pretty simple and a great tool.



<< Thanks all for all your help!

Z - i would like to ask you more about network security info, but ur email isnt listed in ur profile... would it be ok to let me contact you? thanks! >>



You can pm me with some questions or post a thread if it is appropriate for this forum.

 

[Vegito]

i dl ethereal.. cool.. i actually have a new spanking dual 1.26 ghz w/1gb memory..

will be playing soon

 

[Z_Amon]

Erp...*laugh* I thought it was enabled. It's back in the profile again, sorry about that. Please feel free to contact me, if I can answer I will.

wuboy, it sounds like Ethereal isn't able to detect your NIC - what sort of NIC are you using? I've had good luck with 3Com 3c905b and Intel NICs, but I haven't tried it on some of the more generic ones. It also might be a bad Winpcap install, you might try removing it, rebooting, then reinstalling the newest version.

Again, sorry about the profile thing, my mistake!

Z.