I am ShadowLord» packet analysis http://iamshadowlord.com Interesting to me Mon, 26 Mar 2012 03:41:08 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Wireshark 1.2.0 – New Version http://iamshadowlord.com/2009/06/wireshark-1-2-0-new-version.html http://iamshadowlord.com/2009/06/wireshark-1-2-0-new-version.html#comments Tue, 30 Jun 2009 02:32:00 +0000 Hans http://iamshadowlord.com/?p=23 Wireshark is a tool that performs packet and protocol analysis on a network. Packets are the virtual transport mechanism that moves are data from sender to receiver. Each packet has a header and payload – the header contains information about where the packet came from and where it’s going, as well as the protocols being used. The payload has our actual digitized data – parts of website, text, a section of photo, or a clip of audio from an MP3 or a phone call. If you don’t get all of the packets then a phone call may sound choppy or it may take a while to download a complete file. Wireshark allows you to take a look at the packets you are sending and receiving and learn a lot more about what it happening and what’s breaking down. Wireshark is not for the lighthearted, as the tool requires knowledge of protocols and a deep understanding of OSI, IP, and TCP/UDP at the very least. But, with time, Wireshark becomes invaluable to the troubleshooting process. I have relied on the tool for my work supporting Voice-over-IP (VoIP) and system and application connectivity. The only side-effect to Wireshark is that you will soon realize why it’s not a good idea to surf the web in a public spot (without a VPN or encryption).

The new version of Wireshark includes more protocols that it will decode, supports 64-bit Windows, and has GeoIP integrated support. Also, Wireshark works perfectly with my passive network cable. Visit www.wireshark.org to download the latest version and learn more about it.
]]> http://iamshadowlord.com/2009/06/wireshark-1-2-0-new-version.html/feed 0 Passive Packet Capturing http://iamshadowlord.com/2007/05/passive-packet-capturing.html http://iamshadowlord.com/2007/05/passive-packet-capturing.html#comments Tue, 29 May 2007 18:11:00 +0000 Hans http://iamshadowlord.com/?p=4 User A to User B packet data traffic can be monitored through a HUB by User C using a “receive‑only” Ethernet cable.

On the HUB end of the cable, there is a loop between TX and RX to activate the HUB port. Any traffic through the HUB will now include this port in the broadcasts.

User C taps onto the loop by its receive pins.

Once the connections are made to the HUB, User C will receive all packets that flow through the HUB, but User C will not transmit any packets towards the HUB (no DHCP requests and no ARP requests).

The NIC on User C is in promiscuous mode capturing all incoming packets only.

Using a receive-only Ethernet cable in this configuration allows for the ability to passively capture packets, while not actively being a part of the network.

Network administrators can actively test for devices in promiscuous mode, monitor for DHCP and ARP requests, and review MAC tables to determine the presence of a packet analysis tool.

]]> http://iamshadowlord.com/2007/05/passive-packet-capturing.html/feed 1