Re: Sniffer - How's the best way to deploy ?



Hi Marcio,

Our first step is to isolate the possible PLC issue, so we will deploy a sniffer on the Switch 2955 that this PLC network is connected to. To do that we're going to put a desktop with Ethereal installed on one of the empty ports on this switch and mirror the PLC switch port to the desktop switch port.

My doubt is: How's the best way to do it?

- I think this desktop must have two NICs, one with no IP configuration and the other with IP configuration and also connected to another port that we can collect the data

You would need only one NIC, put into promiscuous mode and listening for
traffic on a spanned (monitor session) port. This way you should capture
all data flowing between both endpoints.

- What's the best sniffer to harvest this kind of data? Ethereal?

If you're on Unix/Linux tcpdump or ethereal are the best choice, under
Windows you probably won't find anything better than ethereal.

- How's the best way to log this data? Is there any software for Windows to do it?

Well, with ethereal you can save the capture in libpcap format and then
analyze it whenever it suits you - both with tcpdump and ethereal.

regards,
--
Lukasz Szmit
University College Dublin
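
Added example, not part of the original message: a Python reader for a saved classic libpcap file that counts frames in each direction between two MAC addresses, a quick way to confirm the mirrored port really delivers both sides of the PLC conversation. The MAC addresses, the `PEER` endpoint and the sample capture are constructed for illustration, and the file is assumed to be classic libpcap with an Ethernet link type.

```python
import struct

def read_frames(data):
    """Yield raw Ethernet frames from the bytes of a classic libpcap file."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # written on a big-endian host
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break               # capture file cut off mid-record
        off += 16 + incl_len
        yield frame

def direction_counts(data, mac_a, mac_b):
    """Count frames a->b, b->a and everything else seen on the mirror port."""
    a = bytes.fromhex(mac_a.replace(":", ""))
    b = bytes.fromhex(mac_b.replace(":", ""))
    counts = {"a_to_b": 0, "b_to_a": 0, "other": 0}
    for frame in read_frames(data):
        dst, src = frame[0:6], frame[6:12]
        if (src, dst) == (a, b):
            counts["a_to_b"] += 1
        elif (src, dst) == (b, a):
            counts["b_to_a"] += 1
        else:
            counts["other"] += 1
    return counts

def build_sample(pairs):
    """Constructed capture: global header plus one 60-byte frame per (src, dst)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst) in enumerate(pairs):
        frame = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

PLC, PEER = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed MAC addresses
SAMPLE = build_sample([(PLC, PEER), (PEER, PLC), (PLC, PEER), (PEER, "ff:ff:ff:ff:ff:ff")])
print(direction_counts(SAMPLE, PLC, PEER))
```

A zero in either direction usually means the monitor session is mirroring only received or only transmitted traffic on the source port.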




