A Few Questions related to Network Administration and Traffic Analysis

Scot L. Harris webid at cfl.rr.com
Mon Mar 7 21:30:30 UTC 2005


On Mon, 2005-03-07 at 09:56, Matt Florido wrote:
> On Mon, March 7, 2005 1:27 am, Rebel said:
> [..]
> >
> > 2. Let's say I want to administer packets at the router
> > level and want to see which packet is going to which
> > machine (both to and fro), what tools/tips and
> > techniques are recommended for the same.
> >
> 
> Check into tcpdump and ethereal.  These are essentially packet capture
> programs, as is snort.  You can add modules to the latter to make it an
> IDS.
> 
> You want to make sure you're either on a promiscuous port on a switch, or
> connected to a hub.  The reason being, switches don't typically repeat
> signals across all ports unless it has the ability to do so (higher end
> switches).  Hubs are simply signal repeaters which means nodes connected
> to a hub see packets/datagrams even though the destination is another
> node.

All of those tools are very good.  (ethereal, tcpdump, snort, iptraf,
ntop, nessus, etc.)

In order of usefulness/importance I would say ethereal, nmap, nessus,
ntop.  Snort is good if you want a network intrusion detection system,
but can be cumbersome to set up.

ettercap is very good as well and can in some cases be used to sniff
switches using a few different methods.

And since you are running wireless connections, don't forget kismet and
gkismet.  That tool will forever convince you that nothing on wireless
should be run outside of ssh or VPN even with WEP enabled.


-- 
Scot L. Harris
webid at cfl.rr.com

Newton's Little-Known Seventh Law:
	A bird in the hand is safer than one overhead. 
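The question asked how to see which packet is going to which machine in both directions. The added example below (not code from this thread or from any of the tools named in it) reads the classic libpcap file format that tcpdump writes with `-w` and summarises per-host-pair conversations with counts for each direction, which is what a mirror-port or hub capture gives you. The capture bytes are constructed inline so it runs offline; the addresses are made up.

```python
import struct
from collections import Counter

# Classic pcap global header: magic, major, minor, tz, sigfigs, snaplen, linktype (1 = Ethernet)
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def build_frame(src_ip, dst_ip, proto):
    """Constructed Ethernet/IPv4 frame with a 4-byte dummy payload (sample data, not a real capture)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 4, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + b"\x00" * 4

def pcap_record(frame, ts=0):
    """Per-packet record header: ts_sec, ts_usec, incl_len, orig_len."""
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

def conversations(pcap_bytes):
    """Return {(host_a, host_b): (packets a->b, packets b->a)} for IPv4 frames in a pcap."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    counts = Counter()
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4 (ARP, IPv6, ...)
        src = ".".join(map(str, frame[26:30]))  # IPv4 source lives at Ethernet(14) + 12
        dst = ".".join(map(str, frame[30:34]))
        counts[(src, dst)] += 1
    convs = {}
    for (src, dst), n in counts.items():
        a, b = sorted((src, dst))  # one key per host pair regardless of direction
        fwd, rev = convs.get((a, b), (0, 0))
        convs[(a, b)] = (fwd + n, rev) if src == a else (fwd, rev + n)
    return convs

# Constructed sample capture: a host talking to its router, plus one outbound UDP packet
SAMPLE_PCAP = PCAP_GLOBAL_HDR + b"".join(pcap_record(f) for f in [
    build_frame("192.168.1.10", "192.168.1.1", 6),
    build_frame("192.168.1.1", "192.168.1.10", 6),
    build_frame("192.168.1.10", "192.168.1.1", 6),
    build_frame("192.168.1.20", "10.0.0.5", 17),
])

if __name__ == "__main__":
    for (a, b), (ab, ba) in conversations(SAMPLE_PCAP).items():
        print(f"{a} <-> {b}: {ab} packets ->, {ba} packets <-")
```

Replace `SAMPLE_PCAP` with the bytes of a file written by `tcpdump -w`; if the capture comes from a switched port that is not mirrored, you will only see broadcast traffic and the capturing host's own conversations, which is the point Matt made above.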