Real-Time Network monitoring

Discussion in 'Computer Security' started by Damjan, Jan 30, 2004.

  1. Damjan

    Damjan Guest

    Hi!

    I'm wondering if there exists some tool that can monitor TCP/IP over the
    whole network on one computer? I use a switch and have 5 computers in the
    network. Can I monitor traffic between them on my box?


    Greets
    D
     
    Damjan, Jan 30, 2004
    #1

  2. "Damjan" <> wrote in message
    news:DBsSb.3242$%...
    > Hi!
    >
    > I'm wondering if there exists some tool that can monitor TCP/IP over the
    > whole network on one computer? I use a switch and have 5 computers in the
    > network.
    > Can I monitor traffic between them on my box?


    Ethereal is a good Freeware sniffer, but they'll all have problems with a
    switch (this directs traffic directly between [generally] two ports and
    prevents the traffic from being monitored).

    A hub will work just fine, if you don't have the sort of high-end switch
    that directly supports sniffing.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Jan 30, 2004
    #2

  3. Damjan

    Grunt Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> seems to think in
    news:HNtSb.13832$:

    > "Damjan" <> wrote in message
    > news:DBsSb.3242$%...
    >> Hi!
    >>
    >> I'm wondering if there exists some tool that can monitor TCP/IP over
    >> the whole network on one computer? I use a switch and have 5 computers
    >> in the network.
    >> Can I monitor traffic between them on my box?
    >
    > Ethereal is a good Freeware sniffer, but they'll all have problems
    > with a switch (this directs traffic directly between [generally] two
    > ports and prevents the traffic from being monitored).
    >
    > A hub will work just fine, if you don't have the sort of high-end
    > switch that directly supports sniffing.
    >


    Windows NT server has a network monitor application included that will
    monitor and filter any packet on the local machine.

    The driver must be installed.

    Windows SMS includes a "promiscuous mode" driver that will sniff packets on
    the entire LAN.


    --
    -- ipgrunt
     
    Grunt, Jan 30, 2004
    #3
  4. Grunt,

    As Hairy stated, promiscuous mode only works on data that gets put on that
    line. With real switches, traffic between two PCs will not be seen by a
    third.



    --
    Regards,

    Lawrence A. Rodis
    President
    Strategic Resource Consulting Group L.L.C.
    702-221-6274

    www.strategicresource.com

    "Grunt" <> wrote in message
    news:Xns94808DE2FAE2Dgruntnowherecn@130.133.1.4...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> seems to think in
    > news:HNtSb.13832$:
    >
    > > "Damjan" <> wrote in message
    > > news:DBsSb.3242$%...
    > >> Hi!
    > >>
    > >> I'm wondering if there exists some tool that can monitor TCP/IP over
    > >> the whole network on one computer? I use a switch and have 5 computers
    > >> in the network.
    > >> Can I monitor traffic between them on my box?
    > >
    > > Ethereal is a good Freeware sniffer, but they'll all have problems
    > > with a switch (this directs traffic directly between [generally] two
    > > ports and prevents the traffic from being monitored).
    > >
    > > A hub will work just fine, if you don't have the sort of high-end
    > > switch that directly supports sniffing.
    > >

    >
    > Windows NT server has a network monitor application included that will
    > monitor and filter any packet on the local machine.
    >
    > The driver must be installed.
    >
    > Windows SMS includes a "promiscuous mode" driver that will sniff packets
    > on the entire LAN.
    >
    >
    > --
    > -- ipgrunt
    >
     
    Lawrence Rodis, Jan 31, 2004
    #4
  5. Damjan

    Damjan Guest

    > Grunt,
    >
    > As Hairy stated, promiscuous mode only works on data that gets put on that
    > line. With real switches, traffic between two PCs will not be seen by a
    > third.


    To see traffic between 2 computers with a third, must I have some kind of
    router? Am I correct?

    Greets
    D
     
    Damjan, Jan 31, 2004
    #5
  6. "Damjan" <> wrote in message
    news:2zUSb.3684$%...
    > > Grunt,
    > >
    > > As Hairy stated, promiscuous mode only works on data that gets put on
    > > that line. With real switches, traffic between two PCs will not be seen
    > > by a third.
    >
    > To see traffic between 2 computers with a third must I have some kind of
    > router? Am I correct?


    The exact opposite (in complexity & cost terms) - a common-or-garden hub is
    what you need.

    There's almost certainly an exception out there somewhere, but every SOHO
    router that I've come across includes a switch, rather than a hub.

    H1K
     
    Hairy One Kenobi, Feb 1, 2004
    #6
  7. Damjan

    Damjan Guest

    > The exact opposite (in complexity & cost terms) - a common-or-garden hub
    > is what you need.
    >
    > There's almost certainly an exception out there somewhere, but every SOHO
    > router that I've come across includes a switch, rather than a hub.
    >
    > H1K


    Does the hub have built-in firewall and monitoring tools, or how can I, with
    a hub, monitor traffic that is between other computers?

    Greets
    D
     
    Damjan, Feb 1, 2004
    #7
  8. Damjan

    Bit Twister Guest

    On Sun, 1 Feb 2004 18:58:41 +0100, Damjan wrote:

    > Does the hub have built-in firewall and monitoring tools, or how can I, with
    > a hub, monitor traffic that is between other computers?


    A hub is the cheapest/no-feature piece of hardware.
    It is dumb. When you ping one of your systems, the hub broadcasts the
    ping to all the ports on the hub. When it does that and the other
    systems try to talk to someone else, they have to back off and wait
    until the line is clear.

    A switch is a little smarter. It sends the ping to the target machine
    and the other boxes can talk to other machines connected to the switch
    at the same time.

    Now your router has the most brains. The features on the router will
    depend on the bucks you want to pay with.
     
    Bit Twister, Feb 1, 2004
    #8
  9. "Bit Twister" <> wrote in message
    news:...
    > On Sun, 1 Feb 2004 18:58:41 +0100, Damjan wrote:
    >
    > > Does the hub have built-in firewall and monitoring tools, or how can I,
    > > with a hub, monitor traffic that is between other computers?
    >
    > A hub is the cheapest/no-feature piece of hardware.
    > It is dumb. When you ping one of your systems, the hub broadcasts the
    > ping to all the ports on the hub. When it does that and the other
    > systems try to talk to someone else, they have to back off and wait
    > until the line is clear.
    >
    > A switch is a little smarter. It sends the ping to the target machine
    > and the other boxes can talk to other machines connected to the switch
    > at the same time.
    >
    > Now your router has the most brains. The features on the router will
    > depend on the bucks you want to pay with.


    (The main point being that what is destined for Machine A [as sent by
    machine B] is never seen by Machine C. If Machine C is running your sniffer,
    then it's not going to see an awful lot..)

    HTH

    H1K
     
    Hairy One Kenobi, Feb 1, 2004
    #9
  10. Damjan

    Damjan Guest

    > (The main point being that what is destined for Machine A [as sent by
    > machine B] is never seen by Machine C. If Machine C is running your
    > sniffer, then it's not going to see an awful lot..)
    >
    > HTH
    >
    > H1K


    On that example.. it is impossible to monitor traffic on machine C?
     
    Damjan, Feb 2, 2004
    #10
  11. "Damjan" <> wrote in message
    news:i1qTb.3758$%...
    > > (The main point being that what is destined for Machine A [as sent by
    > > machine B] is never seen by Machine C. If Machine C is running your
    > > sniffer, then it's not going to see an awful lot..)
    >
    > On that example.. it is impossible to monitor traffic on machine C?


    Yes. The switch will direct traffic directly between A & B. Nothing else
    will see it.

    This also breaks Windows Load Balancing (now Network Load Balancing), as I
    got to find out the hard way :eek:\

    Changing to a hub means that all machines see all traffic. In my home setup,
    I have a hub between the cable modem and the main router/switch to sniff the
    Internet side of the connection.

    In this (fairly old) shot, http://tinyurl.com/3959a, the cabling runs

    Cable Modem --- Hub (the bit with the wires) -- Router/DMZ -- Router/LAN

    If I wanted to sniff inside the DMZ, say, then I'd have to wire things thus:

    Cable Modem -- Router/DMZ -- Hub -- Router/LAN

    and plug *all* of the DMZ servers into the hub.

    H1K
     
    Hairy One Kenobi, Feb 2, 2004
    #11
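
The hub-versus-switch behaviour discussed in this thread, modelled as an added example that is not part of any poster's message: a hub repeats every frame to every port, a learning switch delivers known unicast to one port only, so a sniffer on Machine C sees little beyond broadcasts. The MAC labels, port numbers, frame list and the `mirror_port` option (standing in for a switch that "directly supports sniffing") are assumptions made for illustration.

```python
# Added illustration: toy model of hub vs. learning-switch forwarding.
# Host names, MAC labels and the frame list are constructed for this example.
BROADCAST = "ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    """Learns source MAC -> port and forwards known unicast to one port only."""
    def __init__(self, ports, mirror_port=None):
        super().__init__(ports)
        self.mac_table = {}
        self.mirror_port = mirror_port  # hypothetical monitoring port (assumption)

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out = [self.mac_table[dst]] if self.mac_table[dst] != in_port else []
        else:  # broadcast or not-yet-learned destination: flood like a hub
            out = super().forward(in_port, src, dst)
        if self.mirror_port and self.mirror_port != in_port and self.mirror_port not in out:
            out.append(self.mirror_port)  # copy the frame to the monitoring port
        return out

def frames_seen(device, sniffer_port, frames):
    """Return indexes of the frames delivered to the sniffer's port."""
    return [i for i, (port, src, dst) in enumerate(frames)
            if sniffer_port in device.forward(port, src, dst)]

# Constructed conversation: A (port 1) and B (port 2) talk; sniffer C is on port 3.
FRAMES = [
    (1, "aa:aa", BROADCAST),  # 0: A broadcasts (e.g. an ARP request for B)
    (2, "bb:bb", "aa:aa"),    # 1: B replies to A
    (1, "aa:aa", "bb:bb"),    # 2: A -> B data
    (2, "bb:bb", "aa:aa"),    # 3: B -> A data
    (1, "aa:aa", "bb:bb"),    # 4: A -> B data
]

if __name__ == "__main__":
    print("hub     :", frames_seen(Hub([1, 2, 3]), 3, FRAMES))
    print("switch  :", frames_seen(Switch([1, 2, 3]), 3, FRAMES))
    print("mirrored:", frames_seen(Switch([1, 2, 3], mirror_port=3), 3, FRAMES))
```
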