What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostic and more
By Red Squirrel


Suppose your network is really slow, and you can't figure out why the activity light is always flashing. You know there's a lot of data being transferred, but how can you find out what this data is? This is where a packet sniffer can help you out.

Set it up, let it capture for a while when you are not doing anything with the connection, then stop it. Then go through the packets: if you see something such as a lot of connections to a certain port, connections from a certain IP, or anything else suspicious, you know something is not right. You can then research that particular type of activity and, in the meantime, block the IP/port in question.

A good example is when I had a customer's computer. I was running UD on it off a network drive while I was doing other stuff, but I noticed the activity light was continuously flashing. So I put in a packet sniffer (Packetmon in this case, which is more lightweight and easier to use for quick little sniffs) and there were tons of NetBIOS packets. So I checked the content and found mostly gibberish, but some stuff was readable, such as the network path to the UD folder. So immediately I knew all this activity was because of UD. If it had been, say, a virus, then I would have wondered what the referring file was, and could have done research on this file and then found out it was a virus.

So packet sniffers can be quite useful for diagnosing network issues. But realize that there's a lot of stuff that goes on in a network, so even without issues you will pick up quite a few packets in a single time frame of an hour or so. Usually it's NetBIOS-related packets for polling and such.

Another good use for packet sniffers is to learn how a specific protocol works. For example, if you want to know what your browser actually sends to the server to get a web page, fire up the packet sniffer, open a website, then check the result. The fact that it shows the data in hex as well is very important, since you can differentiate between the different types of spacing and whatnot: \r\n might work for some applications, but in others you may need to use \n. Things like this would not be noticeable if it were only text.
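To show why the hex view matters, here is an added example (not part of the original article) that renders two constructed HTTP requests the way a sniffer's hex pane would and counts their line endings. The host name www.example.com and both payloads are made up for illustration; nothing here is captured traffic.

```python
# Added example: constructed payloads, not captured traffic.
CRLF_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
LF_REQUEST = b"GET /index.html HTTP/1.1\nHost: www.example.com\n\n"


def hexdump(data, width=16):
    """Render bytes like a sniffer's hex pane: offset, hex bytes, ASCII."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        # Non-printable bytes (CR and LF included) show as '.' in the text
        # column, which is why only the hex column tells them apart.
        text_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{offset:04x}  {hex_part:<{width * 3 - 1}}  {text_part}")
    return "\n".join(lines)


def line_endings(data):
    """Count CRLF pairs, bare LF and bare CR bytes in a payload."""
    counts = {"crlf": 0, "lf": 0, "cr": 0}
    i = 0
    while i < len(data):
        if data[i:i + 2] == b"\r\n":
            counts["crlf"] += 1
            i += 2
            continue
        if data[i] == 0x0A:
            counts["lf"] += 1
        elif data[i] == 0x0D:
            counts["cr"] += 1
        i += 1
    return counts


if __name__ == "__main__":
    for name, payload in (("CRLF", CRLF_REQUEST), ("LF only", LF_REQUEST)):
        print(f"--- {name} request ---")
        print(hexdump(payload))
        print(line_endings(payload))
```

In the text column both requests look the same apart from the number of dots; in the hex column the first shows 0d 0a at each line break and the second only 0a.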

While packet sniffers are usually looked at as being bad things, I hope this article has cleared things up about their positive uses and what makes them great tools around the network.

Additional links:

http://www.ethereal.com
Ethereal's official website.

http://www.rhizome.org/carnivore
Carnivore Personal Edition (abstract art with packets)

http://www.analogx.com/contents/download/network/pmon.htm
Packetmon, a small, simple packet sniffer.

http://www.epic.org/privacy/carnivore/foia_documents.html
Various documents about FBI's Carnivore (DCS 1000)

Red Squirrel
IceTeks.com Owner







Latest comments (newest first)
Posted by Red Squirrel on February 02th 2005 (15:40)
Well it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it but I know it has to do with flooding it with a bunch of arp packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and what not.
© Copyright 2012 Ryan Auclair/IceTeks, All rights reserved