Re: how to sniffer the packages from one computer to another?
From: John T. Hollyoak (john_at_mail.isc.rit.edu)
Date: 09/12/03
- Previous message: Dr Aldo Medina: "Ping Cyberkit 2.2"
- In reply to: ja5150_at_optonline.net: "Re: how to sniffer the packages from one computer to another?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Sep 2003 18:59:49 -0400
To: security-basics@securityfocus.com
Joe,
First and foremost, since you are on a win2k platform, I would recommend
that you go out and get Ethereal (http://www.ethereal.com). It is a good
program to use when analyzing packet streams (not packages per your subject
:P). It's pretty handy for filtering out specific streams / protocols /
sources / destinations ... whatever.
As an example, I would familiarize myself with TCP and UDP (3-way handshake,
4-way handshake) etc., learning all the acknowledgement numbers, and
how the packets are sequenced and fit together. A simple Google search
yields this: http://www.dragonmount.net/tutorials/tcpip/part1/index.php.
Guy does a decent job of writing up the 3-way handshake.
It just takes practice, and knowledge of what protocols you are trying to
see/troubleshoot. If you don't understand the TCP protocol down to the core,
looking at the streams of TCP packets isn't going to make much sense.
> I would also like to know how to monitor for suspicious traffic?
For this, I would look into an NIDS or HIDS (network intrusion detection
system and host). Again google will spit up a plethora of information.
Hope this helps. Feel free to ask any specific questions.
John
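
The sequence and acknowledgement number relationships John mentions, as an added example that is not part of the original message: it parses raw TCP headers the way a sniffer does, checks the 3-way handshake arithmetic, and flags a retransmitted data segment (a common sign of the kind of slowness Joe describes). The capture bytes, ports, and function names are constructed for illustration.

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08

def tcp_segment(sport, dport, seq, ack, flags, payload=b""):
    """Build a minimal 20-byte TCP header plus payload (checksum left at 0)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 65535, 0, 0) + payload

def parse_tcp(raw):
    """Return the fields a sniffer displays for one TCP segment."""
    sport, dport, seq, ack, off_flags, _win, _sum, _urg = \
        struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "len": len(raw) - header_len}

def analyse(segments):
    """Check the 3-way handshake numbers and flag retransmitted data."""
    segs = [parse_tcp(s) for s in segments]
    syn, synack, ack = segs[:3]
    handshake_ok = (syn["flags"] == SYN
                    and synack["flags"] == SYN | ACK
                    and synack["ack"] == (syn["seq"] + 1) % 2**32  # SYN uses one number
                    and ack["flags"] == ACK
                    and ack["seq"] == synack["ack"]
                    and ack["ack"] == (synack["seq"] + 1) % 2**32)
    seen, retransmits = set(), []
    for s in segs[3:]:
        if s["len"] == 0:
            continue                           # pure ACKs carry no data
        key = (s["sport"], s["seq"])
        if key in seen:
            retransmits.append(key)            # same bytes sent again
        seen.add(key)
    return handshake_ok, retransmits

# Constructed capture: client port 1050 talks to server port 80.
CAPTURE = [
    tcp_segment(1050, 80, 1000, 0, SYN),
    tcp_segment(80, 1050, 5000, 1001, SYN | ACK),
    tcp_segment(1050, 80, 1001, 5001, ACK),
    tcp_segment(1050, 80, 1001, 5001, PSH | ACK, b"GET / HTTP/1.0\r\n\r\n"),
    tcp_segment(1050, 80, 1001, 5001, PSH | ACK, b"GET / HTTP/1.0\r\n\r\n"),  # resent
    tcp_segment(80, 1050, 5001, 1019, ACK),   # acks 1001 + 18 payload bytes
]

if __name__ == "__main__":
    print(analyse(CAPTURE))
```
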
----- Original Message -----
From: <ja5150@optonline.net>
To: <jvfields@tds.net>; <blinder@cwazy.co.uk>;
<security-basics@lists.securityfocus.com>
Sent: Thursday, September 11, 2003 2:21 PM
Subject: Re: how to sniffer the packages from one computer to another?
> I am a Network Administrator and a newbie to using packet sniffers. I am
> currently using a Network Monitor that came with our Win2k server. I need
> help analyzing the data, does anyone know a book or other material that
> would help me? I've read a few articles on this site on how to use and read
> tcp dump. I am currently working on an issue that I have with an
> application that is running slower on one of our client pc's.
>
> I would also like to know how to monitor for suspicious traffic?
>
> Joe
>
> Original Message:
> -----------------
> From: James Fields jvfields@tds.net
> Date: Tue, 09 Sep 2003 19:26:14 -0400
> To: blinder@cwazy.co.uk, security-basics@lists.securityfocus.com
> Subject: Re: how to sniffer the packages from one computer to another?
>
>
> You want to intercept the "packages" (I hope you mean packets) and alter
> them before they arrive at the destination computer? Simply sniffing will
> not do the trick - the point of sniffing is not to divert the packets but to
> capture a copy of them and usually does not involve putting yourself into
> the path as one of the actual "hops" between devices.
>
> There are some methods of doing this - Ettercap and some other programs will
> allow you to actually trick the network into diverting packets to your
> machine and letting you forward them after you have seen them. However I do
> not know if those tools allow you to alter the packets in any significant
> way.
>
> We often see messages on this list that sound like people are asking for
> help with actual hacking, although it is frequently the case that people
> just want to learn more to secure their own networks. I think if you are
> going to ask a question like this and expect a more in depth answer, it
> would be a good idea to give us some background regarding your
> purpose...intentionally diverting and altering network traffic is not
> something a security engineer would usually be interested in doing.
>
> ----- Original Message -----
> From: <blinder@cwazy.co.uk>
> To: <security-basics@lists.securityfocus.com>
> Sent: Friday, September 05, 2003 7:40 PM
> Subject: how to sniffer the packages from one computer to another?
>
>
> >
> > hey, everyone,
> > may I know if there is a tool that can sniff the packages from one
> > computer to another,
> > and if I want to change the contents of the packages,
> > what should I do?
> >
> > Thanks !
> >
> >
> >
> >
> >
> >
>
> --------------------------------------------------------------------------
> -
> > Captus Networks
> > Are you prepared for the next Sobig & Blaster?
> > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> > - Precisely Define and Implement Network Security
> > - Automatically Control P2P, IM and Spam Traffic
> > FIND OUT NOW - FREE Vulnerability Assessment Toolkit
> > http://www.captusnetworks.com/ads/42.htm
>
> --------------------------------------------------------------------------
> --
> >
> >