RE: how to sniffer the packages from one computer to another?

[Joey Peloquin <jpelo1 () jcpenney com>]

Hey Joe - 

Start with TCP/IP Illustrated, by Richard Stevens ... It's the bible.  

Best,

Joey Peloquin

-----Original Message-----
From: ja5150 () optonline net [mailto:ja5150 () optonline net] 
Sent: Thursday, September 11, 2003 1:22 PM
To: jvfields () tds net; blinder () cwazy co uk;
security-basics () lists securityfocus com
Subject: Re: how to sniffer the packages from one computer to another?


I am a Network Administrator and a newbie to using packet sniffers. I am
currently using a Network Monitor that came with our Win2k server. I
need help anaylzing the data, does anyone know a book or other material
that would help me? I've read a few articles on this site on how to use
and read tcp dump. I am currently working on an issue that I have with
an application that is running slower on one of our client pc's. 

I would also like to know how to monitor for suspicious traffic?

Joe

Original Message:
-----------------
From: James Fields jvfields () tds net
Date: Tue, 09 Sep 2003 19:26:14 -0400
To: blinder () cwazy co uk, security-basics () lists securityfocus com
Subject: Re: how to sniffer the packages from one computer to another?


You want to intercept the "packages" (I hope you mean packets) and alter
them before they arrive at the destination computer?  Simply sniffing
will not do the trick - the point of sniffing is not to divert the
packets but to capture a copy of them and usually does not involve
putting yourself into the path as one of the actual "hops" between
devices.

There are some methods of doing this - Ettercap and some other programs
will allow you to actually trick the network into diverting packets to
your machine and letting you forward them after you have seen them.
However I do not know if those tools allow you to alter the packets in
any significant way.

We often see messages on this list that sound like people are asking for
help with actual hacking, although it is frequently the case that people
just want to learn more to secure their own networks.  I think if you
are going to ask a question like this and expect a more in depth answer,
it would be a good idea to give us some background regarding your
purpose...intentionally diverting and altering network traffic is not
something a security engineer would usually be interested in doing.

----- Original Message -----
From: <blinder () cwazy co uk>
To: <security-basics () lists securityfocus com>
Sent: Friday, September 05, 2003 7:40 PM
Subject: how to sniffer the packages from one computer to another?


> hey,everyone ,
> may I know if there is a tool that can sinffe the packages from one 
> computer to anther, and if I want to change the contents of the 
> packages, what should I do?
>
> Thanks !
>
>
>
>
>
>
> ----------------------------------------------------------------------
> ----
-
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
> http://www.captusnetworks.com/ads/42.htm
> ----------------------------------------------------------------------
> ----
--
>



------------------------------------------------------------------------
---
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----


--------------------------------------------------------------------
mail2web - Check your email from the web at http://mail2web.com/ .



------------------------------------------------------------------------
---
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------