Re: how to sniffer the packages from one computer to another?

["ja5150 () optonline net" <ja5150 () optonline net>]

I am a Network Administrator and a newbie to using packet sniffers. I am
currently using a Network Monitor that came with our Win2k server. I need
help anaylzing the data, does anyone know a book or other material that
would help me? I've read a few articles on this site on how to use and read
tcp dump. I am currently working on an issue that I have with an
application that is running slower on one of our client pc's. 

I would also like to know how to monitor for suspicious traffic?

Joe

Original Message:
-----------------
From: James Fields jvfields () tds net
Date: Tue, 09 Sep 2003 19:26:14 -0400
To: blinder () cwazy co uk, security-basics () lists securityfocus com
Subject: Re: how to sniffer the packages from one computer to another?


You want to intercept the "packages" (I hope you mean packets) and alter
them before they arrive at the destination computer?  Simply sniffing will
not do the trick - the point of sniffing is not to divert the packets but to
capture a copy of them and usually does not involve putting yourself into
the path as one of the actual "hops" between devices.

There are some methods of doing this - Ettercap and some other programs will
allow you to actually trick the network into diverting packets to your
machine and letting you forward them after you have seen them.  However I do
not know if those tools allow you to alter the packets in any significant
way.

We often see messages on this list that sound like people are asking for
help with actual hacking, although it is frequently the case that people
just want to learn more to secure their own networks.  I think if you are
going to ask a question like this and expect a more in depth answer, it
would be a good idea to give us some background regarding your
purpose...intentionally diverting and altering network traffic is not
something a security engineer would usually be interested in doing.

----- Original Message -----
From: <blinder () cwazy co uk>
To: <security-basics () lists securityfocus com>
Sent: Friday, September 05, 2003 7:40 PM
Subject: how to sniffer the packages from one computer to another?


> hey,everyone ,
> may I know if there is a tool that can sinffe the packages from one
> computer to anther,
> and if I want to change the contents of the packages,
> what should I do?
>
> Thanks !
>
>
>
>
>
>
> --------------------------------------------------------------------------
-
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> --------------------------------------------------------------------------
--
>



---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .



---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------