[Dshield] Network Sniffer

Roman Fomichev from at e-solutions.lv
Tue Sep 9 20:45:37 GMT 2003


ouh!, if we are talking about alternatives, we can mention Cain with it's 
arp poisoning features :) your PC can work as router for some time just to 
monitor all the connection going thru you comp

Roman

On Tue, 9 Sep 2003 12:48:44 -0400, Bruyere, Michel 
<mbruyere at ezemcanada.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> 	Are you connected with switches? If it's the case then it's normal
> to see only data going to/from your machine. Another reason that can 
> cause
> this, does your NIC is set in promic mode? If not then, look to enable
> promisc (almost every cards are able to enable this mode now)
>
> If you're in a switched env, i can suggest you to try the ettercap tool, 
> i
> twill allow you to do man in the middle sniffing. Take care and test 
> before
> you use this on a production network! There is a feature, ARP poisonning,
> that can screw things pretty well if not used properly!
>
>
> My 0.02$
>
>
> M.Bruyere
>
>
>> -----Original Message-----
>> From: Kane Wong [mailto:kwong at cwalkergroup.com]
>> Sent: mardi 9 septembre 2003 12:08
>> To: list at dshield.org
>> Subject: RE: [Dshield] Network Sniffer
>>
>> If using Ethereal, how can I capture the packets from other workstation,
>> because I found that once I start the packet capturing, it only captures
>> the
>> packets from and to my workstation only.  If your guys know it, please 
>> let
>> me
>> know.
>>
>> Thanks!
>>
>> -----Original Message-----
>> From: Roman Fomichev [mailto:from at e-solutions.lv]
>> Sent: Tuesday, September 09, 2003 4:44 AM
>> To: General DShield Discussion List
>> Subject: Re: [Dshield] Network Sniffer
>>
>>
>> www.ethereal.com very good tool for windows
>> tcpdump - very good tool for linux
>> netmon - tool from microsoft - a very good one! I have the full version.
>> If I remember corectly it goes with MS SMS.
>>
>> Roman.
>>
>>
>> On Tue, 9 Sep 2003 08:42:11 +0200, Graham Dodd <g.dodd at falk-ross.de>
> wrote:
>>
>> > Good Morning All,
>> >
>> > I am trying to find out if a bad NIC is causing problems with our SQL
>> > Server, this would be no problem with a Networks General Sniffer, but 
>> I
>> > don't have one anymore :-(
>> >
>> > Does anyone know of a suitable software package that will provide
>> > statistics
>> > on the network traffic, specifically giants and runts.
>> >
>> > thank you,
>> >
>> > Graham
>> >
>> > ~~~~~~~~~~~~~~~~~~~~~
>> > Graham K. Dodd
>> > Director of Operation
>> > Falk & Ross GmbH
>> > Tel. +49(6301)717-0
>> > Fax. +49(6301)717-270
>> >
>> > _______________________________________________
>> > list mailing list
>> > list at dshield.org
>> > To change your subscription options (or unsubscribe), see:
>> > http://www.dshield.org/mailman/listinfo/list
>> >
>>
>>
>> _______________________________________________
>> list mailing list
>> list at dshield.org
>> To change your subscription options (or unsubscribe), see:
>> http://www.dshield.org/mailman/listinfo/list
>>
>> _______________________________________________
>> list mailing list
>> list at dshield.org
>> To change your subscription options (or unsubscribe), see:
>> http://www.dshield.org/mailman/listinfo/list
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (MingW32)
> Comment: For info see http://www.gnupg.org
>
> iEYEARECAAYFAj9eBIMACgkQdZnvpcG99dikVQCgkK1Grxo0YjlqzJ/RwhfxD3Jr
> +0YAoMy9yT0p+lMuPxwKYNAdMh3GTI15
> =pkBG
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
>





More information about the list mailing list