Re: Can I monitor my network?

Thu, 24 Mar 2005 12:41:49 -0800 

Steve Fuller wrote:

As it is NmapFE is pretty simple. It will tell you what other systems are on your network, and what, to some extent they're doing there.

Sorry if I am repeating someone else here, I came into this conversation late and missed most of it.

Arpwatch will keep an eye on your LAN for changes to MAC addresses as well as IPs, and will email you a report to boot. So, if someone were to attach to your wLAN, you could find out about it this way, even if they attempt to use a previously used IP address to try to mask their login, because arpwatch will show changes in Ethernet card vendor too.

Nmap will allow you to probe a system on your LAN or not to look for open ports and/or listening services.

Etherape will give you a visual display of traffic on your LAN. It's not very useful for trapping events because a trail can disappear fast, but it can help you distinguish traffic visually.

To actually monitor what is going on within a LAN:

Ethereal is a nice X tool, but it is a resource hog and can intermittently lock up, especially if you let it run on and on, capturing and displaying packets.

I prefer a good command-line tool instead, such as ngrep (network grep). This is a packet sniffer that will allow you to capture part or all of the traffic emanating from or going to a particular system, or your entire LAN. You can spool the packets to disk to be read later, or set up a shell script to occasionally email you a copy of the spool file and then empty it for more data.



--
G-Books is sponsored by <http://lowendmac.com/> and...

Small Dog Electronics    http://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

     Support Low End Mac <http://lowendmac.com/lists/support.html>

G-Books list info:      <http://lowendmac.com/lists/g-books.html>
 --> AOL users, remove "mailto:";
Send list messages to:  <mailto:G-Books@mail.maclaunch.com>
To unsubscribe, email:  <mailto:[EMAIL PROTECTED]>
For digest mode, email: <mailto:[EMAIL PROTECTED]>
Subscription questions: <mailto:[EMAIL PROTECTED]>
Archive: <http://www.mail-archive.com/g-books%40mail.maclaunch.com/>



---------------------------------------------------------------
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---------------------------------------------------------------

Reply via email to