Protocol Analyzers ..sniff

So, there are lots of protocol analyzers out there for WAN/LAN networks which can help a tech monitor his network, capture data, etc. etc.
I heard these only work with networks which don't run on switches for some reason. If the network is connected through a hub it might work; analyzing network traffic might work.

So any techies experienced with these types of protocol analyzers? What about running the analyzers on ISDN, ADSL networks?

Re: Protocol Analyzers ..sniff

To start with we need to understand that unlike hubs, switches prevent promiscuous sniffing.

It means that in a switched network environment, Packet Sniffer (or any other packet analyzer) is limited to capturing "broadcast and multicast packets" and the traffic sent or received by the PC on which Protocol Sniffer is running. This is because a switch will not forward others' packets to your PC.

One way of capturing the traffic (like HTTP) is to place the Packet Sniffer/Analyzer on the gateway.

Then there is another way: most modern switches support "port mirroring".

[quote]
Port mirroring is used on a network switch to send a copy of all network packets seen on one switch port to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Port mirroring on a Cisco Systems switch is generally referred to as Switch Port Analyzer (SPAN).
[/quote]

I'm not such an expert at "port mirroring"; maybe someone else can help you with that.

Re: Protocol Analyzers ..sniff

Another way to do this is by arp-poisoning. Making A feel like you (C) are B so A sends all the packets to you, you make a copy and forward to B telling B that you are A, so B sends its replies to you and you make copies and forward packets to A. This is also called the "Man In The Middle" routine.

Re: Protocol Analyzers ..sniff

TofiBaba, with ARP spoofing the traffic of the "target" host is redirected to the desired host, but that will be possible for a single node -- isn't it? So cannot monitor all the traffic from all the nodes.

Moreover, with ARP spoofing the "target" will lose the traffic; that will ring some bells, won't it?

Re: Protocol Analyzers ..sniff

Well, you can make every computer think that you are the gateway, so all traffic comes to you. Port-mirroring would work the same way so not much difference there.
Target won't really lose any traffic as you forward the packets to the correct destination once they've been sniffed. The only way to tell if that is going on is if you have a MAC-to-IP map stored and then if there's a deviation it rings a bell.
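
The stored MAC-to-IP map check mentioned in the post above, as an added example that is not part of the original thread: it compares ARP observations against a baseline and reports deviations. The baseline, the addresses and the observation records are constructed sample data, and `check_arp` and `normalize` are hypothetical helper names.

```python
# Added example: detect deviations from a stored IP-to-MAC baseline.
# All addresses are constructed (RFC 5737 documentation range, made-up MACs).

BASELINE = {
    "192.0.2.1": "00:11:22:33:44:01",   # gateway
    "192.0.2.10": "00:11:22:33:44:0a",
    "192.0.2.11": "00:11:22:33:44:0b",
}

# Constructed observations: (timestamp, sender IP, sender MAC) from ARP replies.
OBSERVED = [
    (1, "192.0.2.10", "00:11:22:33:44:0a"),
    (2, "192.0.2.1", "00:11:22:33:44:01"),
    (3, "192.0.2.1", "00-11-22-33-44-0B"),   # gateway IP claimed by another host's MAC
    (4, "192.0.2.20", "00:11:22:33:44:14"),  # host with no baseline entry
    (5, "192.0.2.1", "00:11:22:33:44:0b"),   # same deviation again
]

def normalize(mac):
    """Lower-case and use ':' separators so formatting differences do not alert."""
    return mac.strip().lower().replace("-", ":")

def check_arp(baseline, observed):
    """Return a list of (timestamp, kind, ip, detail) alerts, one per distinct deviation."""
    known = {ip: normalize(mac) for ip, mac in baseline.items()}
    owner = {mac: ip for ip, mac in known.items()}  # reverse map: MAC -> expected IP
    alerts, seen = [], set()
    for ts, ip, mac in observed:
        mac = normalize(mac)
        if ip not in known:
            kind, detail = "unknown-host", f"{ip} is at {mac}, no baseline entry"
        elif known[ip] != mac:
            kind, detail = "mac-changed", f"{ip} expected {known[ip]}, saw {mac}"
            if mac in owner:
                # The claiming MAC belongs to a known host: note which one.
                detail += f" (baseline MAC of {owner[mac]})"
        else:
            continue  # matches the baseline
        if (kind, ip, mac) not in seen:  # report each deviation once
            seen.add((kind, ip, mac))
            alerts.append((ts, kind, ip, detail))
    return alerts

if __name__ == "__main__":
    for alert in check_arp(BASELINE, OBSERVED):
        print(alert)
```

A legitimate NIC replacement or address reassignment raises the same alert, so the baseline has to be updated whenever hardware or addressing changes.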

Re: Protocol Analyzers ..sniff

Use www.ethereal.com and use port(s) mirroring…

Re: Protocol Analyzers ..sniff

Can Ethereal be used on DSL, ISDN networks?

Re: Protocol Analyzers ..sniff

fragroute should serve the purpose to forward the packets to the target host once you are done with the monkey business …

Does it work with ADSL? Yes I think it does …

Re: Protocol Analyzers ..sniff

Yes, with the right supported protocols and plugins

Re: Protocol Analyzers ..sniff

So far I have found SolarWinds to be the best network monitoring and analysing tool.. but it's pretty costly..

Ethereal is indeed a great application..

Re: Protocol Analyzers ..sniff

Is this http://www.broadframe.com/products/dslscope.html what you are looking for?

Re: Protocol Analyzers ..sniff

^ thank you so much TODD ..... great tool... I ordered it, should get here in about 5 days :D

It doesn't say anything about X.25 protocol support..... SHDSL sounds good also... X.25 would've been great still :)

thanks for the help

Re: Protocol Analyzers ..sniff

I can give you a couple of options.
1- NAI's Sniffer (the best you can get your hands on)
2- CiscoWorks (helps you when you have Cisco devices in your network)
3- Nino network management (web based protocol analyzer and reporting tool)