Check network traffic to/from your computer



N1LAF
10-04-2009, 07:56 PM
Check out Wireshark! And it's free. Available for Windows, Linux, OS X

http://www.wireshark.org/

About Wireshark

Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Features

Wireshark has a rich feature set which includes the following:

* Deep inspection of hundreds of protocols, with more being added all the time
* Live capture and offline analysis
* Standard three-pane packet browser
* Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
* The most powerful display filters in the industry
* Rich VoIP analysis
* Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
* Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
* Coloring rules can be applied to the packet list for quick, intuitive analysis
* Output can be exported to XML, PostScript®, CSV, or plain text

W4GPL
10-04-2009, 07:59 PM
+1

Wireshark is fun near open wireless access points too -- or so I've heard. :snicker: I (in theory) would use airodump-ng to capture the data and analyse it with Wireshark. It's amazing how many people check their e-mail not using encryption over unencrypted WiFi, so I've heard.

http://www.thinkgeek.com/images/products/front/lg-i-read-your-email.jpg

N1LAF
10-04-2009, 08:06 PM
Even better, there is a portable app for Wireshark

KG4CGC
10-04-2009, 08:24 PM
Very cool. I want to explore it.

n2ize
10-04-2009, 09:03 PM
Yeah, it's fun to fire up sometimes and watch the traffic bouncing around on my local network, watching stuff being sent out of the local net into the world and watch stuff coming back in. There's a whole lot of stuff going on there. The network is rarely quiet for very long.

W2NAP
10-04-2009, 09:26 PM
I have it on the BackTrack CD....

and that's all I'm gonna say about that

ad4mg
10-05-2009, 06:45 PM
Check out Wireshark! And it's free. Available for Windows, Linux, OS X

http://www.wireshark.org/

About Wireshark

Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Features

Wireshark has a rich feature set which includes the following:

* Deep inspection of hundreds of protocols, with more being added all the time
* Live capture and offline analysis
* Standard three-pane packet browser
* Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
* The most powerful display filters in the industry
* Rich VoIP analysis
* Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
* Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
* Coloring rules can be applied to the packet list for quick, intuitive analysis
* Output can be exported to XML, PostScript®, CSV, or plain text

Fascinating program! I installed it on 2 of my Ubuntu boxes, and have been watching the stuff fly by.

Compared to amateur radio packet (I run a JNOS BBS, uses internet protocol), it sure is busy!

kf0rt
10-08-2009, 08:53 PM
Sweet!

I've been using a different program for this for ages, can't even remember the name.

Did a quick download of wireshark today, and it appears to be solid. Possible even to add proprietary protocol decoders? Ooooh, baby. I'll be looking into this some more.

Thanks, Paul.

W2NAP
10-08-2009, 08:57 PM
Download BackTrack and burn the ISO to CD.

It's a live CD with a ton of tools; I give it a 5/5.

N1LAF
10-08-2009, 10:13 PM
Sweet!

I've been using a different program for this for ages, can't even remember the name.

Did a quick download of wireshark today, and it appears to be solid. Possible even to add proprietary protocol decoders? Ooooh, baby. I'll be looking into this some more.

Thanks, Paul.

There is a way to copy hex stream, and I wrote a program to decode that hexstream when pasted into the program.
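Wireshark's "Copy > ...as a Hex Stream" puts the selected frame on the clipboard as one string of hex digits. The decoder below is an added example of what such a program can do (it is not N1LAF's program, which the post does not show): it turns the hex stream back into bytes, walks the Ethernet II, IPv4 and TCP/UDP headers with the standard library only, and recomputes the IPv4 header checksum so a pasted or hand-edited stream that no longer matches its header is flagged rather than silently trusted. The sample SYN frame embedded as SAMPLE_SYN is constructed for this example (private source address, TEST-NET-2 destination); the field names in the returned dict are the example's own.

```python
"""Decode a frame copied from Wireshark via "Copy > ...as a Hex Stream".

Added example, not the poster's program. Standard library only.
"""
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

# Constructed sample: Ethernet II + IPv4 (DF, TTL 64) + TCP SYN from
# 192.168.1.10:50132 to 198.51.100.7:80. 54 bytes, as Wireshark would copy it.
SAMPLE_SYN = (
    "00112233445566778899aabb0800"
    "450000281234400040063cafc0a8010ac6336407"
    "c3d4005000000001000000005002faf000000000"
)


def hex_stream_to_bytes(stream: str) -> bytes:
    """Accept the raw hex stream; whitespace and ':' separators are tolerated."""
    cleaned = "".join(ch for ch in stream if ch not in " \t\r\n:")
    if len(cleaned) % 2:
        raise ValueError("hex stream has an odd number of digits")
    return bytes.fromhex(cleaned)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; caller zeroes the checksum field."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def decode_packet(stream: str) -> dict:
    """Return the decoded Ethernet / IPv4 / transport-layer fields of one frame."""
    frame = hex_stream_to_bytes(stream)
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    result = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return result  # only IPv4 is decoded here; other EtherTypes stop at layer 2

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, csum,
     s_addr, d_addr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    header = bytearray(ip[:ihl])
    header[10:12] = b"\x00\x00"  # checksum field is zero while it is computed
    result.update({
        "ip_src": str(IPv4Address(s_addr)), "ip_dst": str(IPv4Address(d_addr)),
        "ip_ttl": ttl, "ip_proto": proto, "ip_total_len": total_len,
        "ip_dont_fragment": bool(flags_frag & 0x4000),
        "ip_checksum_ok": ipv4_checksum(bytes(header)) == csum,
    })

    # total_len bounds the payload, so Ethernet trailer padding is not decoded as data
    payload = ip[ihl:total_len]
    if proto == PROTO_TCP and len(payload) >= 20:
        sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", payload[:16])
        flags = off_flags & 0xFF
        result.update({
            "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": window,
            "tcp_flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
            "tcp_payload_len": len(payload) - (off_flags >> 12) * 4,
        })
    elif proto == PROTO_UDP and len(payload) >= 8:
        sport, dport, ulen, _csum = struct.unpack("!HHHH", payload[:8])
        result.update({"src_port": sport, "dst_port": dport, "udp_len": ulen})
    return result


if __name__ == "__main__":
    for key, value in decode_packet(SAMPLE_SYN).items():
        print("%-18s %s" % (key, value))
```

Paste any hex stream in place of SAMPLE_SYN, or read it from stdin. The checksum check is the part worth keeping in a tool like this: a stream that has been edited by hand, truncated by the clipboard, or copied from the wrong pane decodes to plausible addresses and ports but fails the check, which is the cue to go back to the capture rather than reason from bad bytes.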

AF6LJ
10-09-2009, 06:58 AM
It's a very useful tool. ;)
Found it about 3 years ago when I was looking for a replacement for another packet analyzer I used to use.

KC2UGV
10-09-2009, 07:39 AM
This is an awesome tool, been using it since it was called Ethereal. And, I like the fact that BackTrack includes it :) Very useful when you sniff traffic for an hour right before a consultancy appointment, find passwords and show them. Makes it easier to explain why you want to bill them $175/hr :)

HUGH
10-19-2009, 02:45 PM
I use a little freebie called "Cports". It tells me all I need, which is which ports are connected to what, and enables a quick disconnection if I don't like the look of something.
This may not suffice if you want to see further details down the chain though.

N1LAF
10-19-2009, 02:52 PM
I use a little freebie called "Cports". It tells me all I need, which is which ports are connected to what, and enables a quick disconnection if I don't like the look of something.
This may not suffice if you want to see further details down the chain though.

Thanks for the information

Downloaded, scanned for virus and spyware (negative), and looks like it does what it says it will do.

http://www.nirsoft.net/utils/cports.html

However, one of their other tools did not pass AVG, flagged as spyware... (sniffpass)
Proceed at your own risk...