Posted by jms504 on August 18, 2005, 1:31 pm
I'm looking for a good windows traffic sniffer for a switched network.
As you already know, ethereal only does hubbed traffic sniffing.
I need it for network packet analysis.
I installed the ettercap interface for windows but to be frank, it
sucks!
Posted by xsr on August 18, 2005, 10:02 pm
jms504 Wrote:
> I'm looking for a good windows traffic sniffer for a switched network.
> As you already know, ethereal only does hubbed traffic sniffing.
> I need it for network packet analysis.
>
> I installed the ettercap interface for windows but to be frank, it
> sucks!
No way you can "just" sniff a switched network, as the packets are not
passing your computer. To be able to sniff on a switched network, you
need something to perform arp poisoning as well, which ettercap, hunt &
juggernaut can ( to name a few ).
Ethereal for windows is also fine to use, but there needs to be a
separate program running which performs arp poisoning ( like ARP0c/WCI
from www.phenoelit.de )
There are also more windows/user friendly tools for this, like cain &
abel ( www.oxid.it ). Before doing anything I suggest reading up on arp
poisoning, just to see what it is you are doing ( aside from sniffing ),
since even cain & abel is not doing it automagically for you...
BTW, properly configured switches/routers can also prevent arp
poisoning and trigger some alerts.
----
xsr
08eb d563 c78f 85a9 2f4b 571b 9177 22e6 65ad ac05
http://www.research-labs.net/
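Added example, not part of any poster's message: a minimal monitor-side check for the kind of alert mentioned above, flagging an IP address that is suddenly claimed by a different MAC in ARP traffic. The function names, addresses and sample frames are constructed for illustration.

```python
import struct

def make_arp(mac, ip, oper=2):
    """Build a constructed 42-byte Ethernet/ARP frame (sample input only)."""
    m = bytes.fromhex(mac.replace(":", ""))
    a = bytes(int(x) for x in ip.split("."))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return b"\xff" * 6 + m + hdr + m + a + b"\x00" * 6 + a

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

def find_rebinds(frames):
    """Return (ip, old_mac, new_mac) each time an IP is claimed by a new MAC."""
    bindings, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated
        mac, ip = parsed
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append((ip, old, mac))
        bindings[ip] = mac
    return alerts

# Constructed capture: the address 192.0.2.1 is later claimed by another MAC.
SAMPLE = [
    make_arp("02:00:00:00:00:01", "192.0.2.1"),
    make_arp("02:00:00:00:00:0a", "192.0.2.10"),
    b"\x00" * 60,  # non-ARP frame, ignored
    make_arp("02:00:00:00:00:66", "192.0.2.1"),
]

if __name__ == "__main__":
    for ip, old, new in find_rebinds(SAMPLE):
        print(f"ALERT {ip} moved from {old} to {new}")
```

Legitimate events such as a replaced network card or a failover pair also change a binding, so an alert from this check needs to be compared against known changes before it is treated as poisoning.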
Posted by jms504 on August 18, 2005, 8:37 pm
I'm aware of what ethereal/ettercap/ etc do.
I'm not some script kiddie.
I was just wondering if there is a better tool for Win other than
ettercap.
I've evaluated a few, but they're not the least bit sufficient and I'm a
GUI guy.
It can trigger ALL the alerts it wants.. I'm not a Black Hat. I'm just
doing a netmon assignment evaluating traffic passing into servers while
actively sniffing.
Posted by Gerard Bok on August 19, 2005, 10:04 am
>I'm aware of what ethereal/ettercap/ etc do.
>I'm not some script kiddie.
>
>I was just wondering if there is a better tool for Win other than
>ettercap.
>I've evaluated a few, but they're not the least bit sufficient and I'm a
>GUI guy.
>
>It can trigger ALL the alerts it wants.. I'm not a Black Hat. I'm just
>doing a netmon assignment evaluating traffic passing into servers while
>actively sniffing.
In that case: do the math :-)
100 Mbps network ?
nn hosts ?
Switch ? so: duplex.
Find yourself a 2 * nn * 100 Mbps capable solution and you can
watch things from your chair.
Or: do what we all do :-)
(And that probably does not involve 'Windows' :-)
--
Kind regards,
Gerard Bok
Posted by Juergen Nieveler on August 19, 2005, 6:30 pm
> No way you can "just" sniff a switched network, as the packets are
> not passing your computer. To be able to sniff on a switched network,
> you need something to perform arp poisoning as well, which ettercap,
> hunt & juggernaut can ( to name a few ).
Or you log on to the switch and mirror the port you want to sniff ;-)
Juergen Nieveler
--
A computer without Microsoft is like a chocolate cake without mustard.