Good sniffer software

Could somebody recommend me some good
network "sniffer" software that could be used
to intercept data on the LAN where I am sysadm.

I would like to test security of our corporate
LAN (some 300 workstations, 25 servers)
which is entirely based on HP Procurve
switches (so, therefore there is no single
broadcast Ethernet domain). In short, I would
like to see if it is still possible that someone
installs some network equipment (PC+software)
and "sniff" data on the network.

Any pointer to software that could be used
for testing or any other related URL is
more than welcome.

Zorpetus

Zorpetus said in news: m:
> Could somebody recommend me some good
> network "sniffer" software that could be used
> to intercept data on the LAN where I am sysadm.
>
> I would like to test security of our corporate
> LAN (some 300 workstations, 25 servers)
> which is entirely based on HP Procurve
> switches (so, therefore there is no single
> broadcast Ethernet domain). In short, I would
> like to see if it is still possible that someone
> installs some network equipment (PC+software)
> and "sniff" data on the network.
>
> Any pointer to software that could be used
> for testing or any other related URL is
> more than welcome.

Ethereal (http://www.ethereal.com/) had been suggested to me when I
asked about monitoring my traffic. Never got around to trying it,
though.

--
__________________________________________________ __________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
__________________________________________________ __________

*Vanguard*

On 2004-05-15 19:10:39 -0500, "*Vanguard*"
<no-> said:

> Zorpetus said in news: m:
>> Could somebody recommend me some good
>> network "sniffer" software that could be used
>> to intercept data on the LAN where I am sysadm.
>>
>> I would like to test security of our corporate
>> LAN (some 300 workstations, 25 servers)
>> which is entirely based on HP Procurve
>> switches (so, therefore there is no single
>> broadcast Ethernet domain). In short, I would
>> like to see if it is still possible that someone
>> installs some network equipment (PC+software)
>> and "sniff" data on the network.
>>
>> Any pointer to software that could be used
>> for testing or any other related URL is
>> more than welcome.
>
> Ethereal (http://www.ethereal.com/) had been suggested to me when I
> asked about monitoring my traffic. Never got around to trying it,
> though.

I'd say that Ethereal would be a very good choice, but I would also
look into ettercap. Ettercap has the ability to arp poison a switch and
intercept traffic even if there is not a single broadcast domain. I've
used both, and both are very good. Ettercap also has the ability to
detect other ettercap users on the network, so you can discover is
someone else is sniffing your network with that tool...
--
Seraph
www.geekgalore.com

You must be the change you wish to
see in the world." ~Mohandas Ghandi

Seraph

Zorpetus wrote:

> Could somebody recommend me some good
> network "sniffer" software that could be used
> to intercept data on the LAN where I am sysadm.
>
> I would like to test security of our corporate
> LAN (some 300 workstations, 25 servers)
> which is entirely based on HP Procurve
> switches (so, therefore there is no single
> broadcast Ethernet domain). In short, I would
> like to see if it is still possible that someone
> installs some network equipment (PC+software)
> and "sniff" data on the network.
>
> Any pointer to software that could be used
> for testing or any other related URL is
> more than welcome.

You want Dsniff.
http://monkey.org/~dugsong/dsniff/

A bit of info..
====
In a nutshell, dsniff is the Swiss army knife of privacy invasion. The
package ships with a handful of powerful tools, including urlsnarf, webspy,
mailsnarf, and the dsniff tool. Urlsnarf grabs every URL that passes across
the wire and stores it for later examination. Webspy can grab URLs off the
wire and open the URL in your local browser window so you can follow along
and view what a remote user is seeing on his or her Web browser. Mailsnarf
is just as nasty as webspy?it can sniff SMTP-related packets off the wire
and reassemble entire email messages into a common format that popular mail
clients can read. The dsniff tool is one of the most powerful password
grabbers I've seen. It can snag passwords off the wire from many different
protocols, including FTP, Telnet, Web, POP3, IMAP, LDAP, Citrix ICA,
pcAnywhere, SMB, Oracle SQL*Net, and numerous others.

Even though the tools found in the dsniff package are written for UNIX
platforms, you still need to be aware that these tools exist because they
could be used against your Windows-based networks. Song's package is
incredibly powerful, whether used with good or bad intent. The tools point
out a well-known problem with networks in general: malicious users can
easily sniff clear text from packets to glean sensitive data. Although
blocking ARP redirects and monitoring ARP traffic and tables can help
protect against tools like arpredirect, those tactics are certainly not
cure-alls. They help prevent packets from becoming misdirected, but most
data still travels in clear text over your networks, which means localized
intruders can glean sensitive data with packet-sniffing tools. To better
protect your data, you must encrypt it at some level before sending it out
on the wire, and you must use sniffer-detecting tools to help stop the
snoops.

The decision about which tactics to use for data protection depends on your
data and your organization, so I can't give you much more advice on the
matter. Just be aware that ARP poisoning and data sniffing are real
problems that you need to guard against. Until next time, have a great
week.

XC-88-1K-4