How do you remotely sniff packets on a server to find out what activity is going on that machine.

I know you can sniff through packet analyzers like ethereal but how do sniff just about any traffic going over the wire on a particular machine or server.

I am new to packet sniffers and network protocol analyzers

Any help would be appreciated.

Ripul

Re: Sniffing packets on the wire by Robert

Robert
Sat Jun 05 18:10:36 CDT 2004

Ripul wrote:
> How do you remotely sniff packets on a server to find out what
> activity is going on that machine.
>
> I know you can sniff through packet analyzers like ethereal but how
> do sniff just about any traffic going over the wire on a particular
> machine or server.
>
> I am new to packet sniffers and network protocol analyzers
>
> Any help would be appreciated.

If "Remotely" means without touching the server at all, I'd log into the
switch it was connected to, get it to echo the port the server is using to
an un-used port, then plug my sniffer into the un-used port. Job done.



Re: Sniffing packets on the wire by S

S
Sat Jun 05 21:42:58 CDT 2004

Just to add to that: some time ago Cisco had a vulnerability in the Web
management interface of their switches, allowing the switch to be configured
without proper authorisation. I observe switches that have this problem
still in wide use. That vulnerability allows anybody physically connected to
the same switch to sniff traffic to any/all of the systems, then use software
packages like Cain and Abel to extract all sorts of logon credentials.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Robert Moir" <bofh@mvps.org> wrote in message
news:eG3pNJ1SEHA.3672@TK2MSFTNGP10.phx.gbl...
> Ripul wrote:
> > How do you remotely sniff packets on a server to find out what
> > activity is going on that machine.
> >
> > I know you can sniff through packet analyzers like ethereal but how
> > do sniff just about any traffic going over the wire on a particular
> > machine or server.
> >
> > I am new to packet sniffers and network protocol analyzers
> >
> > Any help would be appreciated.
>
> If "Remotely" means without touching the server at all, I'd log into the
> switch it was connected to, get it to echo the port the server is using to
> an un-used port, then plug my sniffer into the un-used port. Job done.
>
>
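
As an added example (not part of any poster's message): a defender-side audit of a switch's saved configuration for the two conditions discussed above, port mirroring sessions nobody approved and the web management interface left enabled. The config text is a constructed Cisco IOS-style sample, `audit_switch_config` and its approval list are hypothetical names, and treating web management without both authentication and an access-class as a finding is an assumed policy.

```python
import re

# Constructed Cisco IOS-style running-config sample (not taken from the thread).
SAMPLE_CONFIG = """\
hostname lab-sw1
ip http server
interface FastEthernet0/24
 description spare
monitor session 1 source interface Fa0/1 both
monitor session 1 destination interface Fa0/24
monitor session 2 source interface Fa0/3 rx
"""

SPAN_RE = re.compile(
    r"^monitor session (\d+) (source|destination) interface (\S+)",
    re.IGNORECASE)


def audit_switch_config(text, approved_sessions=()):
    """Return (sessions, findings) for one running-config (hypothetical helper)."""
    sessions = {}
    http_on = http_auth = http_acl = False
    for raw in text.splitlines():
        line = raw.strip()
        m = SPAN_RE.match(line)
        if m:
            num, role, iface = m.groups()
            entry = sessions.setdefault(int(num), {"source": [], "destination": []})
            entry[role.lower()].append(iface)
        elif line == "ip http server":          # "no ip http server" does not match
            http_on = True
        elif line.startswith("ip http authentication "):
            http_auth = True
        elif line.startswith("ip http access-class "):
            http_acl = True
    findings = []
    for num, entry in sorted(sessions.items()):
        if num in approved_sessions:            # mirror sessions the operator knows about
            continue
        if entry["source"] and entry["destination"]:
            findings.append(f"session {num}: {','.join(entry['source'])} mirrored to "
                            f"{','.join(entry['destination'])} (not approved)")
        else:
            findings.append(f"session {num}: incomplete mirror definition")
    if http_on and not (http_auth and http_acl):  # assumed policy, see lead-in
        findings.append("web management enabled without authentication and access-class")
    return sessions, findings
```

Running it against periodic configuration backups and comparing the findings between runs shows when a mirror session appears that nobody requested.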



Re: Sniffing packets on the wire by Robert

Robert
Sun Jun 06 04:04:07 CDT 2004

S. Pidgorny <MVP> wrote:
> Just to add to that: some time ago Cisco had a vulnerability in the
> Web management interface of their switches, allowing the switch to be
> configured without proper authorisation. I observe switches that have
> this problem still in wide use. That vulnerability allows anybody
> physically connected to the same switch to sniff traffic to any/all of
> the systems, then use software packages like Cain and Abel to extract
> all sorts of logon credentials.

That's pretty bad....



Re: Sniffing packets on the wire by Karl

Karl
Sun Jun 06 12:44:53 CDT 2004

Read the FAQs at the following sites.

www.ethereal.com
www.robertgraham.com [the IDS faq]


"Ripul" <anonymous@discussions.microsoft.com> wrote in message
news:ACFEF829-E9B4-4681-8B36-BAB591A006A8@microsoft.com...
> How do you remotely sniff packets on a server to find out what activity is
> going on that machine.
>
> I know you can sniff through packet analyzers like ethereal but how do
> sniff just about any traffic going over the wire on a particular machine or
> server.
>
> I am new to packet sniffers and network protocol analyzers
>
> Any help would be appreciated.
>
> Ripul