Wednesday, October 29, 2008

Using a packet sniffer for network packet analysis

A packet sniffer may seem like a humble addition to a network professional's toolkit, but when used correctly, packet sniffers (also known as protocol analyzers) can home in on any number of network problems. Chris Sanders, author of "Practical Packet Analysis: Using Wireshark to solve real-world network problems," uses the protocol analyzer Wireshark for packet analysis almost daily in his network administration job, where he manages nearly 5,000 users (plus 20 servers and more than 1,800 workstations).

To learn from Sanders' experiences and to help you troubleshoot your network, SearchNetworking.com interviewed Sanders by email. Here, Sanders explains how packet sniffers sniff and analyze network traffic.
_____________________________
By Tessa Parmenter

29 Oct 2007 | SearchNetworking.com

What are the main things a sniffer can detect on a network?
I think that network admins, much of the time, are only as good as the collection of tools they have at their disposal. A packet sniffer is just that, a tool. With computer networks, we often have to rely for our troubleshooting on what interfaces tell us is happening. A packet sniffer is a tool that allows you to get past all of the fancy interfaces and misleading error messages to see what exactly is going on at the lowest levels of network communication. Packet sniffers can show you all sorts of things going on behind the scenes, including unknown communication between network devices, actual detailed error codes provided by layer-specific protocols, and even poorly designed programs going crazy. As [radio broadcaster] Paul Harvey would say, a packet sniffer is a tool that lets you find "the rest of the story." It is essential for any network admin's toolkit.

When you're selecting a packet sniffer, what should you be looking for?
There are several considerations, but some of the biggest are the supported protocols of a sniffer, the platforms the sniffer runs on, the support provided for the software, and the cost. However, the most important thing is your level of comfort with using the software. Some packet sniffers are totally command-line based. Many people just aren't comfortable with that; others wouldn't want to use anything else. Once you get past all of the technical considerations, it is really just a matter of what you feel comfortable using. I typically find that once people get into packet analysis, they usually spend a lot of time doing it. I like to think of it like decorating your office. If you are going to be spending a lot of time in it, you want it to be a place where you are comfortable. The same goes for selecting a packet sniffing application!

What are the commercial products that compare with Wireshark? Are there similar open source and/or free tools, and how do these compare with Wireshark and one another?
Some of the alternatives to Wireshark include commercial products such as Etherpeek, Colasoft Capsa and Sniff'Em, as well as free products such as Ettercap and Tcpdump. What sets Wireshark apart from most of these is that it is the most widely used, so it provides a larger number of supported protocols and has a user-driven support base that is unrivaled. The only thing the commercial products typically offer special is their ability to produce reports that are more suited to less technical users.

How does a packet sniffer relate to the OSI model?
In order to really understand what is going on when you try to analyze things at the packet level, you have to have a very thorough understanding of what the OSI model is and how data moves through it. Trying to sniff packets without understanding the basic concepts of the OSI model is like trying to drive a race car without knowing how to drive a stick shift.

Is packet sniffing one of the causes of a slow network?
The only time packet sniffing can cause a network to run slow is when it is placed improperly on a network. One of the most crucial parts of the packet sniffing process is placing your sniffer in an appropriate location on the network. Not only will this ensure you get the exact data you need, but it will also make absolutely certain that your presence on the network doesn't affect its performance. I devote a whole chapter of my book to analyzer placement.

How is sniffing wireless any different from sniffing any wired network traffic?
Wireless sniffing is a completely different animal from that of a wired network. You have to employ different strategies of analyzer placement, put extra consideration into wireless-specific things such as signal strength, and deal with all kinds of extra wireless management packets. It is usually a good idea to understand basic packet sniffing before moving into the realm of wireless sniffing. My book includes an entire chapter devoted to the particulars of wireless packet sniffing.

How can you prevent someone with a packet sniffer from hacking your network?
Unfortunately, hackers are always going to be one step ahead. There is no such thing as an unbreakable network, and if a hacker wants in badly enough, he will probably get in. The most a network admin can hope to do is take steps to prevent this type of thing from happening. This starts and ends with the most overlooked aspect of security: physical security. It is amazing how easily a stranger can walk into a company, plug a laptop into an empty port in a vacant room, and begin to sniff network secrets. The key here is to focus on your organization's front door as much as you do on its firewall doors.

Tuesday, October 21, 2008

Capsa 6.9 Newly Released!!

Packet sniffer for network monitoring and troubleshooting. The easiest-to-use network analyzer (packet sniffer or protocol analyzer) for performance monitoring, protocol analysis, packet decoding, and network diagnosis.

What's New

View IP address and Hostname at Same Time
Capsa automatically resolves hostnames and displays them in its interface. In version 6.8, users could view only the hostname or the IP address at a time; to see the other value, they had to switch manually. In 6.9, users can view both the IP address and the hostname at the same time, which makes the correlation between the two values immediate.

Support ISL Protocol Decoding
Cisco Inter-Switch Link (ISL) is a Cisco Systems proprietary protocol that maintains VLAN information as traffic flows between switches and routers, or between switches. It encapsulates traffic from different VLANs and tags each frame so the VLAN can be identified later. Now all trunk traffic between switch and switch or router and switch can be decoded, and the traffic carried inside the trunk link can be analyzed.
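As an added example (not Capsa's or Colasoft's code), here is a small Python decoder for the ISL encapsulation described above: it checks the ISL destination prefix, LEN field and SNAP/HSA bytes, extracts the 15-bit VLAN id and BPDU bit, and exposes the inner Ethernet frame. The field layout follows Cisco's published ISL frame format; the sample frame, MAC addresses and zeroed FCS are constructed for illustration, not captured.

```python
import struct

# ISL header layout per Cisco's published ISL frame format (constants, not taken from this page):
# DA(5) TYPE/USER(1) SA(6) LEN(2) SNAP(3) HSA(3) VLAN/BPDU(2) INDEX(2) RES(2) = 26 bytes,
# followed by the encapsulated frame and a 4-byte outer FCS.
ISL_DA_PREFIXES = (bytes.fromhex("01000C0000"), bytes.fromhex("03000C0000"))
ISL_SNAP = b"\xaa\xaa\x03"   # LLC/SNAP bytes that follow LEN
ISL_HSA = b"\x00\x00\x0c"    # high 24 bits of the Cisco OUI
ISL_HEADER_LEN = 26
ISL_FCS_LEN = 4

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def decode_isl(frame: bytes) -> dict:
    """Validate the ISL header and return the VLAN tag plus the inner Ethernet addressing."""
    if len(frame) < ISL_HEADER_LEN + 14 + ISL_FCS_LEN:
        raise ValueError("frame too short for ISL header, inner Ethernet header and FCS")
    if frame[:5] not in ISL_DA_PREFIXES:
        raise ValueError("not ISL: destination does not start with 01-00-0C-00-00 / 03-00-0C-00-00")
    enc_type = frame[5] >> 4                      # 0 = Ethernet, 1 = Token Ring, 2 = FDDI, 3 = ATM
    (length,) = struct.unpack("!H", frame[12:14])
    if length != len(frame) - 18:                 # LEN excludes DA, TYPE/USER, SA, LEN and FCS
        raise ValueError(f"ISL LEN {length} does not match frame size {len(frame)}")
    if frame[14:17] != ISL_SNAP or frame[17:20] != ISL_HSA:
        raise ValueError("bad SNAP/HSA bytes in ISL header")
    (vlan_bpdu,) = struct.unpack("!H", frame[20:22])
    inner = frame[ISL_HEADER_LEN:-ISL_FCS_LEN]    # the original Ethernet frame
    (ethertype,) = struct.unpack("!H", inner[12:14])
    return {
        "encap_type": enc_type,
        "vlan": vlan_bpdu >> 1,                   # upper 15 bits carry the VLAN id
        "bpdu": vlan_bpdu & 1,                    # low bit marks a BPDU/CDP frame
        "inner_dst": mac_str(inner[:6]),
        "inner_src": mac_str(inner[6:12]),
        "inner_ethertype": ethertype,
        "inner_len": len(inner),
    }

def build_isl_frame(vlan: int, inner: bytes, switch_mac: bytes, bpdu: int = 0) -> bytes:
    """Wrap an Ethernet frame in an ISL header; the FCS is a zero placeholder, not a real CRC."""
    head = ISL_DA_PREFIXES[0] + b"\x00" + switch_mac          # TYPE=Ethernet, USER=0
    body = ISL_SNAP + ISL_HSA + struct.pack("!H", (vlan << 1) | bpdu) + bytes(4)  # INDEX, RES zeroed
    return head + struct.pack("!H", len(body) + len(inner)) + body + inner + bytes(ISL_FCS_LEN)

# Constructed sample: an IPv4 frame between two hosts, trunked on VLAN 100 by a switch.
INNER_FRAME = bytes.fromhex("00112233445566778899aabb0800") + bytes(46)
SAMPLE_ISL_FRAME = build_isl_frame(100, INNER_FRAME, bytes.fromhex("00000c123456"))

if __name__ == "__main__":
    print(decode_isl(SAMPLE_ISL_FRAME))
```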

Support FCoE Protocol Decoding
Fibre Channel over Ethernet (FCoE) is a proposed mapping of Fibre Channel frames over selected full duplex IEEE 802.3 networks. This allows Fibre Channel to leverage 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol. The specification is supported by a large number of network and storage vendors, including Cisco, EMC, HP, IBM, Intel, and Sun Microsystems.

Wednesday, October 15, 2008

Gorgeous matrix view in the new Capsa 6.9!!!

Monday, October 13, 2008

Academic Users Need Packet Sniffer Software.


A packet sniffer (also known as a network sniffer, network analyzer or protocol analyzer or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet, then decodes and analyzes its content according to the appropriate RFC or other specification.

Why Academic Users Need Packet Sniffer Software

An academic network administrator who needs to make sure the network is running smoothly and reliably needs packet sniffer software for:

- Monitoring network performance around the clock
- Supervising various kinds of network behavior
- Protecting the network from suspicious activity and attacks
- Discovering network loopholes and network bottlenecks
- Identifying and troubleshooting network problems in time

An academic teaching staff member who needs to explain and demonstrate concepts to students needs packet sniffer software for:

- Demonstrating how a service (such as DNS or DHCP) works on the network
- Demonstrating the detailed information within a packet of a specific protocol
- Demonstrating the network behavior of an application

An academic researcher or developer needs packet sniffer software for:

- Network protocol research
- Debugging network-dependent applications

An academic student needs packet sniffer software for studying and research purposes.

Suggested Packet Sniffer Software

Wireshark Packet Sniffer

Wireshark is a free network packet sniffer developed by an international team of networking experts. Its key features include:

- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis

Colasoft Packet Sniffer

If you are looking for a cost-effective and easy-to-use packet sniffer, then you should take a look at Capsa, a packet sniffer produced by Colasoft Co., Ltd. Its key features include:

- Monitors traffic and bandwidth details in graphs and numbers
- Automatically diagnoses the network and suggests solutions
- Identifies and analyzes 300+ network protocols
- Provides packet summary and decoding information
- Monitors site visits, email contents, online chats, and more
- Lists all hosts in the network with details (traffic, IP, MAC, etc.)
- Visualizes the entire network in an ellipse, showing connections and traffic
- Monitors all conversations and reconstructs packet streams
- Free built-in tools to create and replay packets, and to scan and ping IPs
- Quickly generates reports on the items of most concern

You can download a trial version of the Colasoft packet sniffer at www.colasoft.com. Willis is a professional writer in the network management field. You can find more information about packet sniffer and network analyzer software at www.colasoft.com
