Monitor / Sniff remote IP

Posted on 2005-03-21
Medium Priority
Last Modified: 2013-11-12
Is it possible to sniff packets on a remote network / public IP address?

I belive it is possible to monitor traffic on a LAN, but any tools or methods out there to monitor traffic for a webserver on a remote network?


Question by:thewhirlwind
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Assisted Solution

Chris99b earned 105 total points
ID: 13597570
Well, it's only possible to sniff traffic that is actually going to the NIC on the system that's doing the sniffing. Essentially, to sniff traffic from a particular system, you would need to:

A. Sniff the traffic with a machine that is on the same LAN (either through a hub, or a switch which supports port mirroring)

B. Sniff the traffic on the remote machine itself, and have it E-Mailed to you, posted to a webpage etc. (via a software package or the like)

C. Have the remote machine forward all packets to the monitoring machine (never tried this before. Theoretically it's possible, but I couldn't tell you how to do it)

LVL 88

Expert Comment

ID: 13598230
You can only sniff the total traffic of that remote network. Usually you don't have the server alone using such an IP, often there is some sort of firewall or gadget which is directly connected to the internet, and the server is behind that on a switch or hub, often using another physical, local address. What you then see when using a sniffer is the total traffic from that firewall or gadget, and not just the server. You will be able to see if the "Services" of that server are running or not (again, if there aren't other servers on the same network serving the same service on the same port).

Author Comment

ID: 13598574
Thank you both for the replies:

any suggestion of what application you would recommend for doing this.  What I am afraid of is that for example with EE the login process seems not to be secure, so could someone intercept the data packets that contain people's (or my!) login details?

does the interceptor need to sit on the LAN of EE or can he be sitting and sniffing the WAN port of EE's webserver/gateway from a different physical and IP location?

I wish to understand the vulnerability of not using secure logins, wether be it websites, POP3, IMAP, etc.
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

LVL 88

Accepted Solution

rindi earned 135 total points
ID: 13598741
The following site might give you some idea of tools with which you can scan your system for security holes:


Nmap is such tool which you might be looking for.

It depends what you want to check the secutity for. If it is your lan, I'd put it inside your lan. If is to check the security of your internet connection with the internet (like your example above), I'd put it in the wan.

The login process with EE happens using a normal http connection, so that would indicate that someone who listens in would be able to to succesfully analyze that traffic. If the connection were using https, it would be securer.

Assisted Solution

holger12345 earned 105 total points
ID: 13598912
Anybody sitting at any point in the middle of the traffic with access to an interface at a network right between the traffic endpoints can sniff the whole communication.
This statement is true, where the communication is done via ethernet protocol (the LAN ... but at the ISP side may be a LAN too ... and the ISP may sniff you too ;-) ).

Ethernet spreads all packets to the adjacent NICs ... so if you don't have some means to prevent others from reading insde (like https, ssl, ssh, VPN, PPTP, ...) you can follow the entire communication line with a PC bound to any LAN inbetween...

regards Holger

http is a fully readable ASCII code as is FTP and TELNET ... so you can simply sniff passwords without having to hack them - beware to use your best passwords in insecure environments !
LVL 27

Assisted Solution

pseudocyber earned 105 total points
ID: 13600350
>>Is it possible to sniff packets on a remote network / public IP address?

>>I belive it is possible to monitor traffic on a LAN, but any tools or methods out there to monitor traffic for a webserver on a remote network?

Sort of - most people call this spyware.

If you want to sniff/packet capture a network, you need to have some kind of physical access to some or all of it.  Cisco makes a neat feature where you can do a "remote span" or rspan of a port and not be immediately in proximity to the port you're capturing, but at some point, you have to have physical access - unless you install some sort of spying software on the target.

While it is true that http is "in the clear" - a well designed site does not send usernames and passwords in the clear, but encrypts them with SSL.  For instance, try doing a packet capture on YOUR OWN MACHINE and then see if you can pick out your username and password logging into a public email system such as Yahoo or Hotmail - or your bank.

If you want to ensure that web traffic is fairly secure, then use SSL.  If you want to ensure your email is secure, encrypt it.  If you're concerned about secure traffic over the Internet, use VPN.  if you're concerned about security on your LAN then design in encryption, authorization, and authentication mechanisms such as PKI.

Hope this helps.

Author Comment

ID: 13670101
Thank you all for your feedback, I believe I have a better understanding of essentially how unsecure data can be in a public or even private network.

My next question will be on WLAN security and it's shortfalls.

LVL 88

Expert Comment

ID: 13670146
thanx too.

Featured Post

7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question