Solved

simple - packet sniffer

Posted on 2004-10-30
330 Views
Last Modified: 2013-12-04
I have seen a billion questions on EE about packet sniffing, but for some reason I can not find one that fits all of my needs.
need 1: free
need 2 : for windows -> rules out Snort, right?
need 3: snifs packets for my entire network, not just my computer - rules out ethereal.

For some reason, even when i put my network card in permiscuous mode in ethereal, i only see packets going to/from my computer, not the other computers behind the common router. Is there not an easy way to sniff packets when behind a router(as opposed to a hub or switch).

This should be a 2 second answer, I just got frusterated looking around for a sniffer that works. My next attempt will be to install cygwin and then install snort onto that, but I hope I do not have to do that.
Thank you.
0
Question by:jramrus
    6 Comments
     
    LVL 70

    Expert Comment

    by:Chris Dent

    If you're using Switches, Promiscuous mode won't achieve much (you'll only see broadcasts and traffic bound for that computer).

    What type of switches are you working with? Some have the option of allowing you to see all traffic on one port (I think Cisco).
    0
     

    Author Comment

    by:jramrus
    I am currently using  Lynxsis router(a division of Cisco). I have danced around the settings for it, but have not seen anything that helped me with this problem.
    Thanks.
    J
    0
     
    LVL 70

    Accepted Solution

    by:

    The Linksys kit isn't as high-spec as the Cisco kit unfortunately.

    But it's not really traffic passing to the router you want to watch is it? If it is I recommend getting a cheap hub and adding it between the switches and the router itself - running a computer with a sniffer directly off the hub will see everything that touches the router (everything passing through the hub).

    If you set up something like that Ethereal would happily capture all the traffic except internal network only.

    If it's just internal you want to watch then it's more difficult, aside from an option on the switch to capture all traffic I can't really think of much to help.
    0
     
    LVL 4

    Assisted Solution

    by:riotz
    well to sniff the packets for the whole network you have to make the network believe that "you" are the router..
    which is the so called "man in the middle" attack..
    you should check ettercap.. it has some pretty nice mitm attack.. and a great password sniffer aswell...
    i havent checked the sniffer of the new version out yet.. but it seems to capture all the packets going thru the network now..
    if that doesnt work and you are realy in need to capture every single packet combine it with ethereal..

    hope that helps..
    boh!
    0
     

    Author Comment

    by:jramrus
    I will give it a try. So it should work even though I am behind a router?
    Thank you very much.
    Jordan
    0
     
    LVL 4

    Expert Comment

    by:riotz
    uhm well when your router is no high tech ueber router it normaly should

    greets
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Shellfire Box VPN + Lifetime Subscription

    The Shellfire Box easily connects all of your devices, even those that don't offer the possibility to establish a safe vpn connection. Access blocked content and surf safely, no matter where in the world you are located.

    Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
    As a Mac user and former AppleCare AHA & Senior Advisor, I'm constantly bombarded with questions about Macs and if they need Antivirus. This short article is my response to those questions.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    857 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now