network sniffing software

giganick · Sep 18, 2003, 08:05 PM

If anyone knows of some good network sniffing software could you please post the name of it, and possibly a web site where i can download it...thanks..

ToshiroOC · Sep 18, 2003, 08:11 PM

Ethereal is the best one I know of. If you want wireless, look at Kismet. Um... what platform are you using? That's pretty important.

Judas · Sep 18, 2003, 08:13 PM

what do you use this program for?

giganick · Sep 18, 2003, 08:41 PM

well im not sure how it would work, but i would be plugging my laptop into the network here at school to find out where all the bandwidth is going...i am kindof a sub at since the other one left two weeks ago and we are awaiting the arrival of the new one....

Chaos · Sep 18, 2003, 08:42 PM

Etherpeek was a good one

Grab the demo Here !!!

ToshiroOC · Sep 19, 2003, 02:47 AM

Quote:

Originally posted by giganick
well im not sure how it would work, but i would be plugging my laptop into the network here at school to find out where all the bandwidth is going...i am kindof a sub at since the other one left two weeks ago and we are awaiting the arrival of the new one....

You'd be lost with Ethereal

Its pretty powerful in a complicated way... you deal with stuff going all the way down to the hex headers for packets if you need to. What is the network setup? Is it a switched network? Do you have access to the routers for the network? Why do you need to find out where the bandwidth is going with network sniffing? I would think that for that it would be significantly easier to just look at logs from your border routers and see what protocol/ports are being used to get an idea of what programs are using up your bandwidth (kazaa if not blocked can consume obscene amounts of bandwidth), and restrict the ports that people are using that you don't want to and rate limit those that are being abused but should stay open, and then keep track of MAC addresses or IPs of offenders and systematically check the computers on your network.

tjhana · Sep 19, 2003, 06:05 AM

WildPacket Etherpeek is one of the best sniffing tools. but, becarefull when you sniff your school network. it might be illegal in some countries, esp US.
you can try Sniffer PRO, eEye IRIS (this one is good when reconstructing HTTP packets)

krazy1 · Sep 19, 2003, 06:16 AM

One of the best Sniffers out there now is made by eEye Digital Security. The program is a called Iris . We have been testing this program out at work and it is pretty scarry how powerful this one is...... Small example...... I was able to see the EXACT webpage a guy in our lab went to and also found out what his password was since it was transmited in clear text. Now when I say I was able to see the webpage I don't just mean the name.... I was able to bring up the page in the sniffer just from the content sniffing...... One other small example... we sent a test e-mail with an attatchment.... we were able to grab the e-mail and the attachment and open them on the sniffing mach.......

To get this one... check your local Newsgroup...

or get a demo from the link above...

ToshiroOC · Sep 19, 2003, 01:07 PM

I still rather like Ethereal, I like the feel of it since I learned almost everything I did from using it on my home network

However, IRIS is looking interesting, I'm definitely gonna take a look

G4ydeon_6900 · Sep 19, 2003, 11:06 PM

we use Iris on my campus, just today someone on wireless was looking for child porn and we were able to bust him pretty quick.

~~craig588~~ · Sep 19, 2003, 11:08 PM

Hmm, I'll just add my opinion. I like Etheral the best as well.

giganick · Sep 20, 2003, 08:45 AM

Quote:

Originally posted by ToshiroOC
You'd be lost with Ethereal Its pretty powerful in a complicated way... you deal with stuff going all the way down to the hex headers for packets if you need to. What is the network setup? Is it a switched network? Do you have access to the routers for the network? Why do you need to find out where the bandwidth is going with network sniffing? I would think that for that it would be significantly easier to just look at logs from your border routers and see what protocol/ports are being used to get an idea of what programs are using up your bandwidth (kazaa if not blocked can consume obscene amounts of bandwidth), and restrict the ports that people are using that you don't want to and rate limit those that are being abused but should stay open, and then keep track of MAC addresses or IPs of offenders and systematically check the computers on your network.

There are some times of the day that the internet is extremely slow, and we have teachers that are complaining that their students "cant get to sites, and the internet is really slow"...so we are trying to find out where all the bandwidth is going...my guess is it is students playing online games...i do have access to the routers, and it is a switched network, it would be nice to see exactly where the users are going, and what they are doing, as i do know there are a lot of people that are places they shouldnt be...our theory is kazaa or downloading in general is ok after school, during school the users need to be able to access sites be it for research or just e-mailing homework home....where would i find out what ports to block??...i dont know what ports kazaa runs on??....I have a pretty good idea of the routers and all that stuff, as i have taken CISCO, but im not the best....i really need to study!!!....thanks for all your help....

Vampyromaniac · Sep 21, 2003, 12:55 AM

Quote:

Originally posted by giganick
i dont know what ports kazaa runs on??....

Kazaa usually runs on port 1214.

ToshiroOC · Sep 21, 2003, 04:39 AM

Students will be able to get around that, though, just by changing the port or using HTTP tunneling. My idea is to set up a server to control the routers and set up crons on a schedule to run scripts to rate limit all ports but 80 (http) during regular school hours to 5kb/s, and if someone needs more than that to talk to you about it

Online games won't absorb your bandwidth much unless someone is running something like a 64 person bf1942 server (can saturate a t3)