[Dshield] Network Sniffer

Bruyere, Michel mbruyere at ezemcanada.com
Tue Sep 9 16:48:44 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, 
	Are you connected with switches? If it's the case then it's normal
to see only data going to/from your machine. Another reason that can cause
this, does your NIC is set in promic mode? If not then, look to enable
promisc (almost every cards are able to enable this mode now)

If you're in a switched env, i can suggest you to try the ettercap tool, i
twill allow you to do man in the middle sniffing. Take care and test before
you use this on a production network! There is a feature, ARP poisonning,
that can screw things pretty well if not used properly!


My 0.02$


M.Bruyere


> -----Original Message-----
> From: Kane Wong [mailto:kwong at cwalkergroup.com]
> Sent: mardi 9 septembre 2003 12:08
> To: list at dshield.org
> Subject: RE: [Dshield] Network Sniffer
> 
> If using Ethereal, how can I capture the packets from other workstation,
> because I found that once I start the packet capturing, it only captures
> the
> packets from and to my workstation only.  If your guys know it, please let
> me
> know.
> 
> Thanks!
> 
> -----Original Message-----
> From: Roman Fomichev [mailto:from at e-solutions.lv]
> Sent: Tuesday, September 09, 2003 4:44 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Network Sniffer
> 
> 
> www.ethereal.com very good tool for windows
> tcpdump - very good tool for linux
> netmon - tool from microsoft - a very good one! I have the full version.
> If I remember corectly it goes with MS SMS.
> 
> Roman.
> 
> 
> On Tue, 9 Sep 2003 08:42:11 +0200, Graham Dodd <g.dodd at falk-ross.de>
wrote:
> 
> > Good Morning All,
> >
> > I am trying to find out if a bad NIC is causing problems with our SQL
> > Server, this would be no problem with a Networks General Sniffer, but I
> > don't have one anymore :-(
> >
> > Does anyone know of a suitable software package that will provide
> > statistics
> > on the network traffic, specifically giants and runts.
> >
> > thank you,
> >
> > Graham
> >
> > ~~~~~~~~~~~~~~~~~~~~~
> > Graham K. Dodd
> > Director of Operation
> > Falk & Ross GmbH
> > Tel. +49(6301)717-0
> > Fax. +49(6301)717-270
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> >
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj9eBIMACgkQdZnvpcG99dikVQCgkK1Grxo0YjlqzJ/RwhfxD3Jr
+0YAoMy9yT0p+lMuPxwKYNAdMh3GTI15
=pkBG
-----END PGP SIGNATURE-----




More information about the list mailing list