GOOD packet sniffers

xluryan · Postby **xluryan** » Mon Jul 28, 2003 7:31 am

I need a packet sniffer that captures both incoming and outgoing data. Does anyone know where I can get one of these. And please don't just give me a link to some site with some crappy packet-sniffer, I have already tried just searching for them and downloading whatever. Please give me a site with one that works and preferably that you have used before. Thanks.

Deepsmeg · Postby **Deepsmeg** » Mon Jul 28, 2003 10:09 am

ethereal

Postby **NeoThermic** » Mon Jul 28, 2003 10:29 am

Yeah, I've got one that I use alot... here is how to get it:
1) Learn C++
2) Learn Raw Sockets
3) Get an OS that has FULL raw sockets support [2K, XP, Linux, (macs?)]
4) Program your own packet sniffer via raw sockets.

Volia.
Any more questions?
Oh yeah... www.google.com might help alot ;

[so might the place where the link in my sig comes from]

NeoThermic

Luigi300 · Postby **Luigi300** » Mon Jul 28, 2003 1:54 pm

Back Orifice, Sub7...

Adriac · Postby **Adriac** » Mon Jul 28, 2003 1:59 pm

Yeah, Macs. BSD, baby.

There is actually a pretty cool gui implementation of the BSD tools, and Ethereal works out of the box (if you can get fink running

)

Dezmond · Postby **Dezmond** » Mon Jul 28, 2003 2:14 pm

You lot are so cruel... what you're really looking for is a wireless one. PM me for more details.

Slytz · Postby **Slytz** » Mon Jul 28, 2003 6:58 pm

Quote: from Luigi300 on 1:54 pm on July 28, 2003[br]Back Orifice, Sub7...

The second person to recomend someone to Back Orfice...If you would like a copy of the Subseven server send me a message I'll be more than happy to give it to you...

Slytz.

Darksun · Postby **Darksun** » Mon Jul 28, 2003 11:08 pm

Slytz, send it to me

/me pats 00[sub]7

Luigi300 · Postby **Luigi300** » Tue Jul 29, 2003 12:00 am

Right, two things. A: Sub7 is something for script kiddies. B: The file would be the client that you'd give me.

Starfyre · Postby **Starfyre** » Tue Jul 29, 2003 12:04 am

Not necessarily, since the server allows you to take full control over the person's computer, thus being able to remotely steer other clients (or servers) from the target.

But stop with the Sub7 crap, noone cares about it, okay?

The best packet sniffers are the ones you write yourself, do a lookup on Google. Offers lots of material on that subject!

andrewas · Postby **andrewas** » Tue Jul 29, 2003 12:44 am

Quote: from Dman on 2:14 pm on July 28, 2003[br]You lot are so cruel... what you're really looking for is a wireless one. PM me for more details.

Why in the nine hells would he want a wireless packet sniffer?

Stewsburntmonkey · Postby **Stewsburntmonkey** » Tue Jul 29, 2003 1:11 am

Well there are several possibilities, you could snoop on wireless connections, or there are some very high end devices that allow you to monitor all electrical activity on a system from a distance, and so you can log key strokes, or snoop on the internet activity, etc. But both of those are generally well beyond what you would need. I think Dman was just playing the fool again.

sir hackalot · Postby **sir hackalot** » Tue Jul 29, 2003 3:08 am

well its obvious he can not progrma his own, so my advice go with commercial options, unless ur on nix system, these often offer the easiest of solutions, as for incoming traffic, the only one i know of is a tool for bsd(forgot what its called) that logs all incoming packets, and can port scan a network at the same time, making it legal.

chocoba65 · Postby **chocoba65** » Sun Aug 03, 2003 10:14 pm

Quote: from Deepsmeg on 5:09 am on July 28, 2003[br]ethereal

Ethereal
Sniffing the glue that holds the Internet together
http://www.ethereal.com

Adriac · Postby **Adriac** » Sun Aug 03, 2003 10:56 pm

Fun networking fact of the day: Reading other people's packets

It's called Promiscuous Mode, here's how it works:

Let's say Alice and Bob are having a conversation on the network. It'd be like this.

[Alice]<---->[Hub]<---->[Bob]

But wait, I'm on the network too.

Code: Select all

            [WAN]
              |
              |
              |
[Alice]<---->[Hub]<---->[Bob]
              |
              |
              |
            [Carl]

We'll call me Carl just to keep things straight.
WAN is the internet ("Wide Area Network"). We're all on the other side.
[WAN]<--->[Hub]<--->[Us]
So when we send packets on the network, it looks something like this:
[Alice]--->[Hub]---[WAN]
[Bob]<---[Hub]---[WAN]
But wait- this hub is pretty stupid. It doesn't know Alice from Bob from a piece of cheese. So how does it make sure I don't get the packets intended for Bob?

It doesn't. So here's what really happens:
[Alice]--->[Hub]---[WAN]
[Bob]<---[Hub]---[WAN]
[Carl]<---[Hub]---[WAN]
[Joe Shmoe from Accounting]<---[Hub]---[WAN]

It's basically like passing a note around in class with somebody's name on it-

From: Alice
To: Bob
Subject: Hey bob!

But it's actually sent to everyone. Normally, at a very low level, Carl sees "To: Bob" and just tosses out the message, while Bob sees it and reads it.

So putting your network tools into promiscuous mode is just like reading the letter your classmate told you to pass down (except of course that it's undetectable). I get a letter reading "To: Bob", but instead of ignoring it (passing it on) I log it and then ignore it (read it and pass it on).

And THAT my friends is how you can read every unencrypted packet on the same hub as you.

Hope you learned something.

GOOD packet sniffers

Who is online