Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sniffers

From: Mike Sweeney <mikesweeney () packetattack com>
Date: Mon, 27 Feb 2006 07:41:24 -0800


On Feb 24, 2006, at 10:19 PM, Bilal Abdullah Fakhruddin wrote:




Hello,
Recently I am facing problems in my network. Sometimes the network is fast and sometimes it is slow. Im a bit familiar with Ethereal, but i dont know what I am looking for. Could anybody help me out by pointing out where i 
could start or to any documents available? Thanks in advance.

Regards,

Bilal
You need to start with a baseline or failing that, be prepared to grab packets during a "slow" period. Remember that a sniffer in a switched network is subject to the same limits as any other device, it will only see broadcast packets and packets destined to it. So you need to "mirror" or "monitor" a port or ports or VLAN. The other option is to find a link where traffic funnels to and stick a passive tap or hub in-between the endpoints. I have a network where I keep three different cables patched and ready to go at a moments notice.
Right now I'm testing Lanhound since it will let you have remote sniffers feeding back to the master. It is a design much like Distributed Sniffer from NAI/Network General but it's ALOT cheaper :)
For the initial captures, catch everything, no filters except your own MAC. Always filter out your own MAC address.
For more information, wander by http://www.packet-level.com/ where Laura Chappell has some excellent papers, tutorials and more for folding, spindling and mutilating packets :) 

MikeS
hackamac.packetattack.com


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. 
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: