Re: A Few Questions related to Network Administration and Traffic Analysis

From: Scot L. Harris (webid_at_cfl.rr.com)
Date: 03/07/05

    To: Fedora List <fedora-list@redhat.com>
    Date: Mon, 07 Mar 2005 16:30:30 -0500
    
    

    On Mon, 2005-03-07 at 09:56, Matt Florido wrote:
    > On Mon, March 7, 2005 1:27 am, Rebel said:
    > [..]
    > >
    > > 2. Let's say I want to administer packets at the router
    > > level and want to see which packet is going to which
    > > machine (both to and fro), what tools/tips and
    > > techniques are recommended for the same.
    > >
    >
    > Check into tcpdump and ethereal. These are essentially packet capture
    > programs, as is snort. You can add modules to the latter to make it an
    > IDS.
    >
    > You want to make sure you're either on a promiscuous port on a switch, or
    > connected to a hub. The reason being, switches don't typically repeat
    > signals across all ports unless they have the ability to do so (higher end
    > switches). Hubs are simply signal repeaters, which means nodes connected
    > to a hub see packets/datagrams even though the destination is another
    > node.

    All of those tools are very good. (ethereal, tcpdump, snort, iptraf,
    ntop, nessus, etc.)

    In order of usefulness/importance I would say ethereal, nmap, nessus,
    ntop. Snort is good if you want a network intrusion detection system,
    but can be cumbersome to set up.

    ettercap is very good as well and can in some cases be used to sniff
    switches using a few different methods.

    And since you are running wireless connections don't forget kismet and
    gkismet. That tool will forever convince you that nothing on wireless
    should be run outside of ssh or VPN even with WEP enabled.

    -- 
    Scot L. Harris
    webid@cfl.rr.com
    Newton's Little-Known Seventh Law:
    	A bird in the hand is safer than one overhead. 
    
