
Packet Sniffing

  • 20-02-2006 12:19am
    #1
    Registered Users Posts: 884 ✭✭✭


    Hi there, just wondering, are there any more packet sniffers out there other than Ethereal?


Comments

  • Registered Users Posts: 884 ✭✭✭Cork Skate


    bedlam wrote:

    That's my mistake

    Sorry, I should have added ... sniffers that people have used and that they know are reliable, they have good features and it is easy to obtain the information and that the programme illustrates the information of a capture in a user-friendly way.

    Basically I am trying to avoid downloading every single packet sniffer and installing and testing it. Obviously Google will throw up as many as I want, but it's not really a packet sniffer that I am after, it is more the information about users' experiences with sniffers, if you get me!


  • Registered Users Posts: 218 ✭✭Screaming Monkey


    ...have used the Sniffer Portable and Etherpeek products a lot, excellent decodes and reporting, but they're gonna cost you, especially the "Sniffer Portable" product line.

    Sniffer Portable
    http://www.networkgeneral.com/Products_details.aspx?PrdId=20046243936754&CatId=1

    Etherpeek
    http://www.wildpackets.com/products/etherpeek/overview


  • Moderators, Category Moderators, Technology & Internet Moderators Posts: 6,265 CMod ✭✭✭✭MiCr0


    I use Ethereal every day - and I can't fault it.
    There's even a version for Linux/Solaris - to save having to drag files back and forward.

    Also, you can capture with just about any capture program (snoop/tcpdump) and load it directly.

    Very handy.


  • Moderators, Category Moderators, Technology & Internet Moderators Posts: 6,265 CMod ✭✭✭✭MiCr0


    And Ethereal is also free.


  • Registered Users Posts: 19,396 ✭✭✭✭Karoma


    Sorry, I should have added ... sniffers that people have used and that they know are reliable, they have good features and it is easy to obtain the information and that the programme illustrates the information of a capture in a user-friendly way.

    Reads as:
    Wanted: Idiot-proof sniffer that dumps information based on the click of a button (POP3, WWW, etc.)
    ..eh?


  • Registered Users Posts: 884 ✭✭✭Cork Skate


    Karoma wrote:
    Reads as:
    Wanted: Idiot-proof sniffer that dumps information based on the click of a button (POP3, WWW, etc.)
    ..eh?

    That's exactly it .... I am doing a project on security for small to medium businesses and it's primarily a toolkit, but I want them to do a security and information audit before they use the toolkit. It's to facilitate them adopting a good security policy with limited resources/budget .... I am trying to approach it so that there will be three tiers of difficulty for users, so as was said earlier Ethereal is perfect and I don't have to go any further, I want to source what else is out there and if it's easier to use, I'll suggest it.


  • Registered Users Posts: 884 ✭✭✭Cork Skate


    bedlam wrote:
    Well, don't use Ethereal "live" then, it has been plagued with security issues and there are many exploits available (although currently none for the latest version).

    As to other sniffers, it really depends on what information you want to get back. You could go with something like Dsniff which would give you things like passwords, HTTP traffic, SMTP traffic. Snort (an IDS) which will alert you to any attacks on the network. TCPDump, like Ethereal, will show you all traffic on a network.

    Bedlam .... thanks a million. That's a great help.
    If I need anything else or if I find any more info, I'll bump this up again.

    Cheers lads.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Can I recommend some of the bootable Linux distros: WHAX, Auditor, the newfangled one at www.remote-exploit.com. All come with sniffers plus good hardware support and lazy person support.

