Questions about packet sniffing

edited March 2007 in conversations
Okay, so I want to sniff all info that is communicated on our LAN through HTTP port 80 by all our comps. What is the best way of doing this? Do I use something like DSniff Control, and what's the best feature to use (still trying to get my head round ARPspoof etc.), and where would I place this application? Essentially I need to intercept communications done through Google Talk, and as it is being used here via a web browser, I suspect it is in cleartext over port 80. It is a security issue at work.

The network consists of a router connected to a hub, and then each of the computers on the LAN is patched into the hub, including our Mac OS X Server. Would I place DSniff or similar on the server? Or can I get it to monitor traffic through the router from my Mac?

Also what is the best way of directly sniffing traffic from a specific mac on the network?

I've spent a long time reading up and attempting to get various sniffers to work, but am clueless in TCP/IP 'acking like.

Any help really appreciated, thank you!

Comments

  • edited 11:06AM
    If you're the IT guy, the best thing you can do is use dsniff control, and put a Mac between your router and your internet at large. This will obviously require two network ports on the sniffing computer.

    I've found a machine hanging off the wired network misses stuff. The interception method is the best way to go. Do consider that this manner of sniffing may be illegal without notifying the individuals that are being monitored, depending on the laws of the land.
  • edited 11:06AM
    Oh, and:

    http://personalpages.tds.net/~brian_hill/macsniffer.html

    Consider the network topography. If you have all switches, then there'll be packets on the network that never reach the monitoring computer. Hence, the machine at the head of the network as a catch-all.
  • edited March 2007
    I am the IT guy - and I've been asked by the MD to be vigilant. I'm also looking for holes in our network, as we have a wifi network hanging off the wired.

    Thanks for the advice Biffsta!
  • edited March 2007
    Wireless sniffing is a different beast, and may require a pair of setups. Are your router and the access point the same, or are there access points hanging off the wired LAN?

    Count on the wired network being holey. Wireless security is a tightrope act between accessibility and security.
  • edited 11:06AM
    The Airport hub hangs off one of the hub connections, all internet traffic goes through the main router.
  • edited 11:06AM
    Sweet. Just do what I suggested in #2 up there, and you're good.
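
Added example, not part of the original thread: a small Python model of the point made in the comments that a passive listener on a switched network misses unicast traffic, while a machine in the path at the head of the network does not. The MAC addresses, port numbers and frame list are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample: locally administered MACs, not taken from the thread.
ROUTER, HOST_A, HOST_B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
PORTS = [1, 2, 3, 4]  # 1 = router, 2 = host A, 3 = host B, 4 = passive monitor

# (ingress port, src MAC, dst MAC, kind); "wan" marks traffic that crosses the router.
TRAFFIC = [
    (2, HOST_A, BROADCAST, "arp"),  # A asks who has the router's IP
    (1, ROUTER, HOST_A, "arp"),     # router answers A
    (2, HOST_A, ROUTER, "wan"),     # A -> internet, e.g. an HTTP request
    (1, ROUTER, HOST_A, "wan"),     # internet -> A
    (3, HOST_B, BROADCAST, "arp"),  # B asks who has the router's IP
    (1, ROUTER, HOST_B, "arp"),     # router answers B
    (3, HOST_B, ROUTER, "wan"),     # B -> internet
    (1, ROUTER, HOST_B, "wan"),     # internet -> B
]

def hub_egress(in_port, src, dst):
    """A hub repeats every frame out of every port except the one it came in on."""
    return [p for p in PORTS if p != in_port]

def make_switch_egress():
    """A learning switch forwards known unicast to one port and floods the rest."""
    mac_table = {}  # source MAC -> port it was last seen on
    def egress(in_port, src, dst):
        mac_table[src] = in_port
        if dst != BROADCAST and dst in mac_table:
            return [mac_table[dst]]
        return [p for p in PORTS if p != in_port]
    return egress

def seen_by_monitor(egress, monitor_port=4):
    """Frames a passive listener on monitor_port receives from the device."""
    return [f for f in TRAFFIC if monitor_port in egress(f[0], f[1], f[2])]

def seen_inline():
    """Frames seen by a host in the path on the router's uplink: every 'wan' frame."""
    return [f for f in TRAFFIC if f[3] == "wan"]

if __name__ == "__main__":
    for name, frames in [("hub", seen_by_monitor(hub_egress)),
                         ("switch", seen_by_monitor(make_switch_egress())),
                         ("inline", seen_inline())]:
        wan = sum(f[3] == "wan" for f in frames)
        print(f"{name:6} total={len(frames)} internet-bound={wan}")
```

On the hub the monitor port receives all eight frames; on the switch it receives only the two ARP broadcasts and none of the internet-bound frames, which is why the in-path position acts as the catch-all.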