GOOD packet sniffers
I need a packet sniffer that captures both incoming and outgoing data. Does anyone know where I can get one of these? And please don't just give me a link to some site with some crappy packet-sniffer, I have already tried just searching for them and downloading whatever. Please give me a site with one that works and preferably that you have used before. Thanks.
They can strike me down, but I will get back up.
They can try to scare me, but I am not afraid.
No matter what they do, they CAN'T stop me... Because I am a Freedom Fighter, and Freedom, is Forever.
- NeoThermic
- Introversion Staff
- Posts: 6256
- Joined: Sat Mar 02, 2002 10:55 am
- Location: ::1
Yeah, I've got one that I use a lot... here is how to get it:
1) Learn C++
2) Learn Raw Sockets
3) Get an OS that has FULL raw sockets support [2K, XP, Linux, (macs?)]
4) Program your own packet sniffer via raw sockets.
Voilà.
Any more questions?
Oh yeah... www.google.com might help a lot ;
[so might the place where the link in my sig comes from]
NeoThermic
Not necessarily, since the server allows you to take full control over the person's computer, thus being able to remotely steer other clients (or servers) from the target.
But stop with the Sub7 crap, no one cares about it, okay?
The best packet sniffers are the ones you write yourself, do a lookup on Google. Offers lots of material on that subject!
- level5
- Posts: 11553
- Joined: Wed Jul 10, 2002 7:44 pm
- Location: Nashville, TN
Well there are several possibilities, you could snoop on wireless connections, or there are some very high end devices that allow you to monitor all electrical activity on a system from a distance, and so you can log key strokes, or snoop on the internet activity, etc. But both of those are generally well beyond what you would need. I think Dman was just playing the fool again.
- level3
- Posts: 451
- Joined: Thu Apr 25, 2002 7:05 pm
Well, it's obvious he cannot program his own, so my advice: go with commercial options, unless you're on a nix system; these often offer the easiest of solutions. As for incoming traffic, the only one I know of is a tool for BSD (forgot what it's called) that logs all incoming packets and can port scan a network at the same time, making it legal.
Quote: from Deepsmeg on 5:09 am on July 28, 2003
ethereal
Ethereal
Sniffing the glue that holds the Internet together
http://www.ethereal.com
GRADE 1 UPLINK AGENT Rating: TERMINAL
NEUROMANCER (Unofficial) Rating: Sociopathic
Balance: 16447420 credits
Fun networking fact of the day: Reading other people's packets
It's called Promiscuous Mode, here's how it works:
Let's say Alice and Bob are having a conversation on the network. It'd be like this.
[Alice]<---->[Hub]<---->[Bob]
But wait, I'm on the network too.
             [WAN]
               |
               |
               |
[Alice]<---->[Hub]<---->[Bob]
               |
               |
               |
             [Carl]
We'll call me Carl just to keep things straight.
WAN is the internet ("Wide Area Network"). We're all on the other side.
[WAN]<--->[Hub]<--->[Us]
So when we send packets on the network, it looks something like this:
[Alice]--->[Hub]---[WAN]
[Bob]<---[Hub]---[WAN]
But wait- this hub is pretty stupid. It doesn't know Alice from Bob from a piece of cheese. So how does it make sure I don't get the packets intended for Bob?
It doesn't. So here's what really happens:
[Alice]--->[Hub]---[WAN]
[Bob]<---[Hub]---[WAN]
[Carl]<---[Hub]---[WAN]
[Joe Shmoe from Accounting]<---[Hub]---[WAN]
It's basically like passing a note around in class with somebody's name on it-
From: Alice
To: Bob
Subject: Hey bob!
But it's actually sent to everyone. Normally, at a very low level, Carl sees "To: Bob" and just tosses out the message, while Bob sees it and reads it.
So putting your network tools into promiscuous mode is just like reading the letter your classmate told you to pass down (except of course that it's undetectable). I get a letter reading "To: Bob", but instead of ignoring it (passing it on) I log it and then ignore it (read it and pass it on).
And THAT my friends is how you can read every unencrypted packet on the same hub as you.
Hope you learned something.
00010001000100000000101100010111000 10110000100010001100001011111000101 10000100100000111100010000000011010 0001011000111100001000100001011
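The "To: Bob" check from the post above, modelled at the Ethernet layer as an added example that is not part of the original thread: a hub repeats each frame to every other port, and each NIC's receive filter decides whether to keep it. The MAC addresses and function names are constructed for illustration, and multicast filtering is omitted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define ETH_HLEN 14   /* dst MAC (6) + src MAC (6) + EtherType (2) */

/* Constructed sample addresses (locally administered), not from the post. */
static const uint8_t ALICE[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0xA1};
static const uint8_t BOB[ETH_ALEN]   = {0x02, 0, 0, 0, 0, 0xB0};
static const uint8_t CARL[ETH_ALEN]  = {0x02, 0, 0, 0, 0, 0xC4};
static const uint8_t BCAST[ETH_ALEN] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};

/* Build a minimal Ethernet II header (IPv4 EtherType, no payload). */
size_t make_frame(uint8_t *out, const uint8_t *dst, const uint8_t *src) {
    memcpy(out, dst, ETH_ALEN);             /* the "To:" line   */
    memcpy(out + ETH_ALEN, src, ETH_ALEN);  /* the "From:" line */
    out[12] = 0x08; out[13] = 0x00;
    return ETH_HLEN;
}

/* Receive filter a NIC applies to every frame the hub repeats to it. */
bool nic_accepts(const uint8_t *frame, size_t len,
                 const uint8_t *own_mac, bool promiscuous) {
    if (len < ETH_HLEN) return false;                        /* runt frame */
    if (promiscuous) return true;                            /* filter off */
    if (memcmp(frame, own_mac, ETH_ALEN) == 0) return true;  /* unicast to us */
    if (memcmp(frame, BCAST, ETH_ALEN) == 0) return true;    /* broadcast */
    return false;                                            /* not ours: drop */
}

/* Alice transmits; the hub repeats to Bob's and Carl's ports.
 * Returns how many of those NICs pass the frame up to the OS. */
int hub_deliveries(const uint8_t *frame, size_t len, bool carl_promisc) {
    int kept = 0;
    kept += nic_accepts(frame, len, BOB, false);
    kept += nic_accepts(frame, len, CARL, carl_promisc);
    return kept;
}

int main(void) {
    uint8_t f[ETH_HLEN];
    size_t n = make_frame(f, BOB, ALICE);
    printf("normal mode:      %d NIC(s) keep it\n", hub_deliveries(f, n, false));
    printf("Carl promiscuous: %d NIC(s) keep it\n", hub_deliveries(f, n, true));
    return 0;
}
```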