Packet Sniffing

[Tachyon]

Anybody have a favourite? I'm using Wireshark for the first time (ever sniffing) and this is some really cool shit.

[gangals]

Are you wanting to do something specific or just messing around?

[Tachyon]

Messing around now, but when I sober up I'd like to apply the techniques learned.

[s1acker]

Yeah Wireshark is a good app. I used it when it was called Ethereal. I've never used the windows version only used it on linux. Which OS are you running it on? I was wondering if there are any differences really.

[cricket]

Yeah Wireshark is a good app. I used it when it was called Ethereal. I've never used the windows version only used it on linux. Which OS are you running it on? I was wondering if there are any differences really.

The only real difference I see between using Ethereal on linux and windows, is what you can do with the network information once you gather it.
It's one thing, to see if there is rogue processes using network resources, it's another thing entirely to be writing and testing programs that use the network stack. One thing that I was using it for was to test the modifications I was making to the TCP/IP stack athe time. Never be able to do that on a windows box!
I've never seen a stateful packet filter for windows that even comes close to iptables. 

If you are serious about using ethereal tachyon, you really should be testing\developing on a platform that you can easily make use of the data that your collecting. Btw if you are running linux, check out packlib.

[Lestan Gregor]

I use Cain and Able as well as Wireshark. They're the only worthwhile programs for Windows.

[cricket]

I use Cain and Able as well as Wireshark. They're the only worthwhile programs for Windows.

Yeah, and IDA Pro and SoftICE that's all I need.
And, And, And my thermos, THAT'S all I need.
And Elcomsoft Password Recovery Studio, yeah that's all I need.
And NTPWD yeah that's it.
And My dog.

[RijilV]

careful running wireshark as a privileged user... numerous exploits and bugs in that code.  Best to capture the packets with tcpdump then use something to analyze them as a non-privileged user.

[Mace]

Airopeek NX, airsnort (pain in the ass to set up on windows tho) and airsnare are also good.

[Zazen]

Wireshark's my favorite.

[trevelyn]

http://www.zombie.el.cx/texts/hacking/pdfs/pentesing.pdf

under the quick intro to MITM.

I showed you how to dsniff a long time ago when Weak-Net was at its prime, don't you remember Tachyon?  Shame on you.

[gangals]

OMG, it's

trevelyn
!?!?!?!

[Nod]

OMG, it's

trevelyn
!?!?!?!

Quick! Someone play the themesong to Welcome Back Kotter!

[trevelyn]

Gangals I have missed you too!  I pinged you on IRC cos i had a VoIP question that Brad ended up answering.  I keep the IRC @ a screen session, so i idle a lot, im not ignoring you.