Advice on setting up a packet sniffer at home
on 16.01.2006 22:33:18 by vblvbl
Hi all -
I am a little confused about how to go about setting up a packet
sniffer on my main computer to monitor traffic from my other machines.
Specifically, I have two laptops - one running Windows and the other a
Mac running Mac OS X - that I would like to be able to see traffic and
packet information for. My main computer is connected via CAT 5 and
both of the laptops are connected wirelessly, all to my D-Link router.
What software/steps do I need to get/do in order to get this up and
running? Thanks in advance!
jf
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 22:35:49 by Volker Birk
vblvbl@gmail.com wrote:
> I have two laptops - one running Windows and the other a
> Mac running Mac OS X
> ...
> What software/steps do I need to get/do in order to get this up and
> running?
http://ethereal.darwinports.com/
http://www.ethereal.com/distribution/win32/
HTH,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 22:53:20 by vblvbl
Is there any way for me to just monitor traffic via the D-LINK router?
So I can see what each IP/MAC address on the local LAN (wireless or
not) is sending and receiving.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 22:54:52 by Volker Birk
vblvbl@gmail.com wrote:
> Is there any way for me to just monitor traffic via the D-LINK router?
> So I can see what each IP/MAC address on the local LAN (wireless or
> not) is sending and receiving.
Yes, use a packet sniffer. Or has the D-Link device some logging facilities?
http://support.dlink.com/
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 22:57:10 by vblvbl
I have gotten some packet sniffers, but when installed on my main
machine they do not pick up the adapters for the router or any other
computer networked to the router. Can you advise on a fix? Thank you
for your help !
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 22:58:26 by Volker Birk
vblvbl@gmail.com wrote:
> I have gotten some packet sniffers, but when installed on my main
> machine they do not pick up the adapters for the router or any other
> computer networked to the router.
You need to drive your NIC in promiscuous mode, and the drivers for this
NIC have to support this.
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:01:16 by vblvbl
The NIC on the machine from which I want to monitor? And how is that
accomplished?
I have a 3COM EtherLink 10/100 PCI (3C905C-TX).
I'll run some searches in the meantime to see if I can find
instructions on my own. Thanks again - you rok.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:02:32 by vblvbl
Oh, and do the other adapters have to be in "prom" mode, or just the
NIC from which I want to monitor?
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:03:15 by Volker Birk
vblvbl@gmail.com wrote:
> The NIC on the machine from which I want to monitor? And how is that
> accomplished?
> I have a 3COM EtherLink 10/100 PCI (3C905C-TX).
This depends on your operating system and the drivers there.
Which OS are you driving exactly?
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:04:27 by vblvbl
XP Home.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:05:09 by Volker Birk
vblvbl@gmail.com wrote:
> Oh, and do the other adapters have to be in "prom" mode, or just the
> NIC from which I want to monitor?
The latter one.
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:09:15 by vblvbl
Oddly, all of the instructions tell me to change settings in the
ifconfig... but I can't find anything resembling this for my card.
Thoughts?
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:11:53 by vblvbl
Still having trouble finding instructions on changing the card's mode.
I know it's capable. Most of what I see are Linux instructions.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:24:09 by vblvbl
Sorry, I need to clarify to be sure. I want to know what the Laptops
are doing from software on my tower. So I need to set the tower's NIC
to promiscuous so it can sniff all of the packets from the laptops?
And I am having issues finding instructions for my NIC and promiscuous
mode - any hints? Thanks!
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:29:31 by Volker Birk
vblvbl@gmail.com wrote:
> XP Home.
Forget it. Unfortunately, GRC started an idiotic campaign some time ago:
http://www.microsoft.com/technet/archive/security/news/raw_sockets.mspx
And Microsoft gave in. They removed raw socket support in Windows XP SP2:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#EIAA
So it's not possible any more for useful sniffing software to run on
Windows XP.
Of course, this does not protect in any way, because it's possible to
insert kernel code for an attacker, which just ignores these constraints.
But no sniffer developer I know has time or does want to spend time on such
a ridiculous topic - so all the useful sniffing software will not run on
Windows XP any more, thanx to GRC and their idiocy, and to Microsoft
for following this debility.
http://grcsucks.com
There is a solution for you, though:
http://www.knoppix-std.org/tools.html
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:34:13 by Volker Birk
vblvbl@gmail.com wrote:
> Sorry, I need to clarify to be sure. I want to know what the Laptops
> are doing from software on my tower. So I need to set the tower's NIC
> to promiscuous so it can sniff all of the packets from the laptops?
Doesn't matter, if the network is not switched. Just use _any_ box there.
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:39:19 by vblvbl
Figures. Thanks for the footwork on that.
I am grabbing the Knoppix ISO right now. I presume that I'll still have
to turn my NIC promiscuous - any tips on doing that?
Re: Advice on setting up a packet sniffer at home
on 16.01.2006 23:40:18 by Volker Birk
vblvbl@gmail.com wrote:
> I am grabbing the Knoppix ISO right now. I presume that I'll still have
> to turn my NIC promiscuous - any tips on doing that?
Ethereal will do this for you.
Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.
Re: Advice on setting up a packet sniffer at home
on 17.01.2006 03:33:12 by Barry Margolin
In article <1137450249.056236.5400@g43g2000cwa.googlegroups.com>,
vblvbl@gmail.com wrote:
> Sorry, I need to clarify to be sure. I want to know what the Laptops
> are doing from software on my tower. So I need to set the tower's NIC
> to promiscuous so it can sniff all of the packets from the laptops?
>
> And I am having issues finding instructions for my NIC and promiscuous
> mode - any hints? Thanks!
Most sniffer applications, such as Ethereal and tcpdump, do this
automatically for you. They generally default to promiscuous mode, and
you have to do something special to prevent it.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
Re: Advice on setting up a packet sniffer at home
on 17.01.2006 08:08:37 by bellyup
vblvbl@gmail.com wrote:
> The NIC on the machine from which I want to monitor? And how is that
> accomplished?
>
> I have a 3COM EtherLink 10/100 PCI (3C905C-TX).
>
> I'll run some searches in the meantime to see if I can find
> instructions on my own. Thanks again - you rok.
If you are connected via a switch, or the D-Link has switching ports you
will NOT see all traffic from other machines. You will see broadcasts,
multicasts and unicasts.
You need to install a hub (L1 broadcast device) or build an inline sniffer.
E.
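Added example, not part of any poster's message: one way to tell from a capture whether the sniffing NIC sits on a switched port or on a shared segment (hub, mirror port or inline tap), by classifying the destination MAC of each Ethernet frame. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def make_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame for the samples below."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def classify_frame(frame, own_mac):
    """Label a frame by who it is addressed to, relative to the capturing NIC."""
    if len(frame) < 14:                 # shorter than an Ethernet header
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                   # I/G bit set: group (multicast) address
        return "multicast"
    if own_mac in (dst, src):
        return "unicast_own"            # traffic to or from the sniffing host
    return "unicast_foreign"            # unicast between two other hosts

def capture_point_verdict(frames, own_mac):
    """Return (verdict, counts): 'shared', 'switched' or 'no-data'."""
    counts = Counter(classify_frame(f, own_mac) for f in frames)
    verdict = "no-data"
    if counts["unicast_foreign"]:
        verdict = "shared"              # other hosts' unicast is visible
    elif sum(counts.values()) > counts["truncated"]:
        verdict = "switched"            # only own, broadcast and multicast frames
    return verdict, dict(counts)

# Constructed sample data (locally administered MAC addresses).
TOWER, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:fe"
WIN_LAPTOP, MAC_LAPTOP = "02:00:00:00:00:02", "02:00:00:00:00:03"
SWITCHED_SAMPLE = [
    make_frame("ff:ff:ff:ff:ff:ff", WIN_LAPTOP, 0x0806),  # ARP broadcast
    make_frame("01:00:5e:00:00:fb", MAC_LAPTOP),          # IPv4 multicast
    make_frame(TOWER, ROUTER),                            # reply to the tower
    make_frame(ROUTER, TOWER),                            # request from the tower
]
HUB_SAMPLE = SWITCHED_SAMPLE + [make_frame(ROUTER, WIN_LAPTOP),
                                make_frame(MAC_LAPTOP, ROUTER)]
```

A switch floods unicast frames whose destination it has not yet learned, so a few `unicast_foreign` frames at the start of a capture do not by themselves prove a shared segment; judge on a longer capture.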
Re: Advice on setting up a packet sniffer at home
on 19.01.2006 13:36:46 by Volker Birk
Volker Birk wrote:
> vblvbl@gmail.com wrote:
> > XP Home.
> Forget it.
I have to correct myself. After reading the hping/win32 entry in the
hping wiki, I found a link to the nmap-hackers list with this topic.
And I fell from my chair, laughing:
http://seclists.org/lists/nmap-hackers/2004/Jul-Sep/0003.html
| Instead of sending
| raw IP packets, we move one layer down and send our raw IP packets in
| raw ethernet frames. It took Microsoft years to develop SP2, but
| attackers can completely defeat the raw socket and (with a little more
| work) connect() restrictions in minutes!
So changing ethereal, too, would be no problem.
*ROTFL*,
VB - not using such tools on Windows so far.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.