RE: [expert] Network sniffing, how?

2001-06-27 Thread Jose M. Sanchez

I'll bet you are a lucky person!

When I received my first cable modem, I only saw activity when I was on
it.

Powering down my machines resulted in no activity on the lights.

Later I had to exchange the unit with another. After that I started
seeing a lot of activity with no machines powered up.

The Cable modem can communicate to a specific node at the remote end
dependent upon the frequency (channel) selected to carry signal.

ISPs frequently break up the load by putting groups of people, or areas
on specific channels.

It may be that you are in a sparse area, or a channel that is as of yet
private to you.

Try running IPTRAF and put it into promiscuous mode. Look for other
machines on your subnet.

If you see none, count your blessings!

-JMS

-Original Message-
From: Mitch Thompson [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, June 27, 2001 6:26 AM
To: Jose M. Sanchez; 'Laurent Duperval'; 'Mandrake Expert List'
Subject: Re: [expert] Network sniffing, how?


Interesting.  Either my cablemodem (Toshiba) is filtering, or I am the only
one on my subnet.  I never see any activity except mine, and arp requests
from the gateway.



On Wednesday 27 June 2001 12:24 am, Jose M. Sanchez wrote:
> Some activity?
>
> Wow are you lucky.
>
> Cable modems are a shared resource. As such you basically share a fat
> pipe with everyone in a several MILE radius.
>
> I frequently use iptraf (set to promiscuous mode) to find out who is
> hogging the bandwidth.
>
> Since it displays the sites (it does DNS resolves for you!) people are
> going to, you can see what everyone is looking at or sites that they
> are going to.
>
> That said, I'm not a napster user, but boy they did have many people
> plugging away on it.
>
> It's also interesting to note how many misconfigured machines ISPs
> have hooked up to the headends. Doing everything from leaking NetBIOS
> packets, etc. to local machines and on out to the internet.
>
> Fun stuff...
>
> -JMS


-- 
Mitch Thompson, San Antonio TX
Redhat Certified Engineer #80609957760032
http://www.redhat.com/training/rhce/certification/index.html
Key fingerprint = BBDA 3A2A 4483 BD0D 7CED  B8A9 D183 C8F6 B0AF 66AE
--
Time flies like an arrow, and fruit flies like a banana.





Re: [expert] Network sniffing, how?

2001-06-26 Thread Nathan Callahan


On Tuesday, June 26, 2001, at 11:57  PM, Craig Sprout wrote:

> Laurent Duperval wrote:
>
> > Hi,
> >
> > How do I sniff the packets coming thru my network connection? At home, I
> > have a cable modem and last night I noticed some activity on it, though I
> > know I'm not doing anything using the network. How can I sniff what's going
> > on there?
>
> Ethereal is a packet analyzer that is, IMO, one of the most useful
> network tools you can have in your arsenal.

Or, for something a little more raw you could try tcpdump.




Re: [expert] Network sniffing, how?

2001-06-26 Thread Praedor Tempus

Look for snort.  This is perhaps one of the best sniffers/security tools 
available.  It is not difficult to learn, has many switches and configuration 
possibilities.  Just mentioning it is bringing a tear to my eye, I'm getting 
so choked up...

Get snort.  You will not be sorry.

On Tuesday 26 June 2001 08:18, you wrote:
> On Tuesday, June 26, 2001, at 11:57  PM, Craig Sprout wrote:
> > Laurent Duperval wrote:
> > > Hi,
> > >
> > > How do I sniff the packets coming thru my network connection? At home, I
> > > have a cable modem and last night I noticed some activity on it, though I
> > > know I'm not doing anything using the network. How can I sniff what's going
> > > on there?
> >
> > Ethereal is a packet analyzer that is, IMO, one of the most useful
> > network tools you can have in your arsenal.
>
> Or, for something a little more raw you could try tcpdump.




Re: [expert] Network sniffing, how?

2001-06-26 Thread Piritta

On Tuesday 26 June 2001 13:26, Praedor Tempus wrote:
> Look for snort.  This is perhaps one of the best sniffers/security tools
> available.  It is not difficult to learn, has many switches and
> configuration possibilities.  Just mentioning it is bringing a tear to my
> eye, I'm getting so choked up...
>
> Get snort.  You will not be sorry.
>
> On Tuesday 26 June 2001 08:18, you wrote:
> > On Tuesday, June 26, 2001, at 11:57  PM, Craig Sprout wrote:
> > > Laurent Duperval wrote:
> > > > Hi,
> > > >
> > > > How do I sniff the packets coming thru my network connection? At home, I
> > > > have a cable modem and last night I noticed some activity on it, though I
> > > > know I'm not doing anything using the network. How can I sniff what's going
> > > > on there?
> > >
> > > Ethereal is a packet analyzer that is, IMO, one of the most useful
> > > network tools you can have in your arsenal.
> >
> > Or, for something a little more raw you could try tcpdump.

For a simple network monitor with IP information all on one screen in real
time, try iptraf. It rocks, especially if you have a single firewall with its
own monitor.




RE: [expert] Network sniffing, how?

2001-06-26 Thread Jose M. Sanchez


Some activity?

Wow are you lucky.

Cable modems are a shared resource. As such you basically share a fat
pipe with everyone in a several MILE radius.

I frequently use iptraf (set to promiscuous mode) to find out who is
hogging the bandwidth.

Since it displays the sites (it does DNS resolves for you!) people are
going to, you can see what everyone is looking at or sites that they are
going to.

That said, I'm not a napster user, but boy they did have many people
plugging away on it.

It's also interesting to note how many misconfigured machines ISPs have
hooked up to the headends. Doing everything from leaking NetBIOS
packets, etc. to local machines and on out to the internet.

Fun stuff...

-JMS

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Laurent Duperval
Sent: Tuesday, June 26, 2001 8:59 AM
To: Mandrake Expert List
Subject: [expert] Network sniffing, how?


Hi,

How do I sniff the packets coming thru my network connection? At home, I
have a cable modem and last night I noticed some activity on it, though
I know I'm not doing anything using the network. How can I sniff what's
going on there?

Thanks,

L

-- 
Laurent Duperval mailto:[EMAIL PROTECTED]

If a cow laughed, would milk come out her nose?







Re: [expert] Network sniffing, how?

2001-06-26 Thread Craig Sprout

Laurent Duperval wrote:
>
> Hi,
>
> How do I sniff the packets coming thru my network connection? At home, I
> have a cable modem and last night I noticed some activity on it, though I
> know I'm not doing anything using the network. How can I sniff what's going
> on there?

Ethereal is a packet analyzer that is, IMO, one of the most useful
network tools you can have in your arsenal.

www.ethereal.com

-- 
Craig Sprout
Network Administrator
Crown Parts and Machine, Inc.
http://www.crownpartsandmachine.com
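
An added example, not part of any message in this thread: a small Python triage of captured Ethernet frames that separates a host's own traffic from the ARP, NetBIOS and other broadcast chatter the posters describe seeing on a shared cable segment while their machines were idle. The MAC addresses, IP addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
ETH_ARP, ETH_IPV4, PROTO_UDP = 0x0806, 0x0800, 17
NETBIOS_PORTS = {137, 138}  # NetBIOS name service and datagram service

def classify(frame: bytes, my_mac: bytes) -> str:
    """Label one Ethernet II frame relative to this host's MAC address."""
    if len(frame) < 14:
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if my_mac in (dst, src):
        return "mine"
    if ethertype == ETH_ARP:
        return "arp"
    if ethertype == ETH_IPV4 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        if frame[23] == PROTO_UDP and len(frame) >= 14 + ihl + 4:
            sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
            if {sport, dport} & NETBIOS_PORTS:
                return "netbios"
    if dst[0] & 1:                            # group bit: broadcast or multicast
        return "broadcast"
    return "other-host"  # third-party unicast, visible only in promiscuous mode

def summarize(frames, my_mac):
    return Counter(classify(f, my_mac) for f in frames)

def _ipv4_udp(dst, src, sport, dport):
    """Constructed sample frame: Ethernet + minimal IPv4 + UDP header, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, PROTO_UDP, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 255]))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return dst + src + struct.pack("!H", ETH_IPV4) + ip + udp

# Constructed MAC addresses: this host, the gateway, and two neighbours.
ME, GW, NBR_A, NBR_B = (bytes.fromhex("02000000000" + d) for d in "1234")
SAMPLE = [
    BROADCAST + GW + struct.pack("!H", ETH_ARP) + bytes(28),  # ARP from gateway
    _ipv4_udp(BROADCAST, NBR_A, 137, 137),   # leaked NetBIOS name query
    _ipv4_udp(ME, GW, 53, 40000),            # reply addressed to this host
    _ipv4_udp(NBR_B, GW, 80, 40001),         # someone else's unicast traffic
    _ipv4_udp(BROADCAST, NBR_A, 68, 67),     # a neighbour's DHCP broadcast
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE, ME)))
```

A non-zero "other-host" count means the segment is delivering other subscribers' unicast traffic to the interface; only "arp", "netbios" and "broadcast" entries match what Mitch Thompson reports seeing.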