Sniff Packets
Packet sniffing is used to monitor packets traveling across a network. Packet sniffing software -- often called network monitoring software -- allows a user to see each byte of information that passes from a computer or server across the network. It can be used to detect network problems or intrusions and can also be used maliciously to try to get access to user names and passwords. There are many software packages available to help you learn how to sniff packets. The one to use depends on the type and structure of the network and the operating system.
Contents
Steps
Choose Packet Sniffing Software
- Determine what your operating system and network structure are to narrow down choices of what kind of packet sniffer to use. Some packet sniffers work across various platforms, but most are written for a specific operating system.
- Decide whether you can capture the traffic that you want to, based on your network structure. On wired networks, you can sniff packets across the network, depending on the hub or switch that’s being used. Check your switch and network setup, since some switches may prevent sniffing from another network subnet. On wireless LANs, you can only monitor traffic on a specified channel.
- Find out whether the sniffer supports promiscuous mode. It’s necessary to set the network adapter on the computer that will doing the sniffing to promiscuous mode. This will capture all types of network traffic – not just traffic being sent to the machine or a group that the machine belongs to.
- Decide how much you want to spend on a packet sniffer. There are several choices in packet sniffing software. They include free shareware versions like Ethereal; sniffers that are bundled with other software, like Microsoft Network Monitor, and fee-based systems like LAN watch.
- Check out screenshots, product literature, and user reviews before choosing a product. Make sure they have documentation, manuals, FAQs and other types of support to meet your needs.
Install Packet Sniffing Software
- Download the packet sniffing software and install it according to the manufacturer’s instructions.
- Configure the software. This varies by application. Generally, you’ll need to set up addresses to capture and choose an interface from the menu. For wireless networks, you’ll have to set the channel to be monitored.
- Hit the “start” button or command to start monitoring. Choose advanced options to filter incoming results.
- Select “stop” to stop the session and “save” to save the results.
- View the results. You’ll see each packet’s time, source, destination, protocol used and general information.
- Filter the display or select individual entries. This varies by the type of software, but usually shows the results on part of the screen while the entry is highlighted, or in full screen by double-clicking the entry. Most systems will allow you to filter results based on values in fields , comparisons between fields and other options.
- Get help from books, online resources, or user forums to learn more about how to sniff packets and interpret the results. The results you see onscreen may not be immediately clear until you have some experience in learning to decipher them.
Related Articles
- Monitor Network Traffic
- Become a Network Technician
- Know if You Have Spyware on Your Computer
- Stop Hackers from Invading Your Network
- Secure Your PC
- Fix Common Computer Network Issues
Sources and Citations
- http://www.tech-faq.com/packet-sniffer.shtml
- https://www.evilfingers.com/publications/howto_EN/HowTo%20-%20Use%20Packet%20Sniffers.pdf
- http://www.ipprimer.com/packets.cfm
- http://support.microsoft.com/kb/148942