Sniffer - What's the best way to deploy?



Could someone please tell me the best practice for deploying a sniffer on the network?

Here is my scenario:

I have a PLC network that reads some data from the assembly line and sends it to a server which is located off site. Two or three times a week we "lost" your Ethernet connection; this is what the floor people said. The truth is that for some reason the data is not processed correctly and the assembly line stops for a while (3 min max).

There are some technical root causes for that:

1- PLC is not working properly (not reading or sending data out)

2- Problem on the LAN network

3- Problem on the WAN network, 'cause there is an MPLS cloud to reach the server

4- Problem on the server (busy)

Our first step is to isolate the possible PLC issue, so we will deploy a sniffer on the 2955 switch that this PLC network is connected to. To do that we're going to put a desktop with Ethereal installed on one of the empty ports on this switch and mirror the PLC switch port to the desktop switch port.

My question is: What's the best way to do it?

- I think this desktop must have two NICs, one with no IP configuration and the other with an IP configuration and also connected to another port from which we can collect the data

- What's the best sniffer to harvest this kind of data? Ethereal?

- What's the best way to log this data? Is there any software for Windows to do it?

- Any other concerns or suggestions?



Thanks in advance,
Márcio
