WIRESHARK / TCPDUMP
Wireshark is a free, GUI-based protocol analyzer. The WinPcap capture driver captures the traffic, and Wireshark decodes and displays it.
With Wireshark, you can limit a capture to specific protocols or IP addresses. It also offers many different options for viewing protocols, flags, and the direction of the data stream.
On Linux, you can use the command-line protocol analyzer tcpdump. If the capture is saved as a .pcap file, it can be opened in Wireshark, which makes it easier to read.
Specific switch ports can be port-mirrored to capture their traffic. The NIC (network interface card) of the capturing host must have promiscuous mode enabled. On a Linux system, this can be enabled with the following command: "ifconfig eth0 promisc".
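The following is an added example, not code from the original post or from the Wireshark or tcpdump projects. It shows what the .pcap file that tcpdump writes and Wireshark opens actually contains, by building a constructed three-packet TCP handshake, serialising it in the classic pcap format (global header plus per-packet record headers, Ethernet link type), and then reading it back to recover the protocol, the TCP flags (in tcpdump's "[S.]" notation) and the direction of each packet relative to a monitored subnet. The IP addresses, ports and the 192.168.1.0/24 "local" subnet are constructed sample values, and checksums are left at zero because this is a file-format demonstration, not live traffic.

```python
import socket
import struct

# Classic pcap global header, as tcpdump -w writes it on a little-endian host:
# magic, version 2.4, timezone 0, sigfigs 0, snaplen, link type 1 = Ethernet.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# TCP flag bits in bit order with tcpdump's one-letter notation (ACK is ".").
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U")]


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame with no payload (checksums zeroed)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp)
    # ver/ihl, tos, total length, id, flags/frag, ttl, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def write_pcap(frames):
    """Serialise frames into pcap bytes that Wireshark can open directly."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def tcpdump_flags(flags):
    """Render a TCP flags byte the way tcpdump prints it, e.g. SYN/ACK -> 'S.'."""
    return "".join(letter for bit, letter in TCP_FLAGS if flags & bit)


def direction(src, dst, local_prefix):
    """Classify a packet relative to the subnet being monitored."""
    src_local, dst_local = src.startswith(local_prefix), dst.startswith(local_prefix)
    if src_local and not dst_local:
        return "outbound"
    if dst_local and not src_local:
        return "inbound"
    return "internal" if src_local else "transit"


def read_pcap(data, local_prefix="192.168.1."):
    """Parse pcap bytes and decode every IPv4/TCP packet into a summary dict."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off, packets = 24, []
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue  # not IPv4; a real decoder would dispatch on EtherType
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[14 + 9]
        src = socket.inet_ntoa(frame[14 + 12:14 + 16])
        dst = socket.inet_ntoa(frame[14 + 16:14 + 20])
        if proto != IPPROTO_TCP:
            continue
        t = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, t)
        packets.append({
            "src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": tcpdump_flags(frame[t + 13]),
            "direction": direction(src, dst, local_prefix),
        })
    return packets


def demo():
    """Constructed handshake: local client 192.168.1.10 -> external 10.0.0.5:443."""
    frames = [
        build_tcp_frame("192.168.1.10", "10.0.0.5", 40000, 443, 0x02),   # SYN
        build_tcp_frame("10.0.0.5", "192.168.1.10", 443, 40000, 0x12),   # SYN/ACK
        build_tcp_frame("192.168.1.10", "10.0.0.5", 40000, 443, 0x10),   # ACK
    ]
    return read_pcap(write_pcap(frames))


if __name__ == "__main__":
    for p in demo():
        print(f'{p["src"]}:{p["sport"]} > {p["dst"]}:{p["dport"]} Flags [{p["flags"]}] {p["direction"]}')
```

Writing the bytes from write_pcap() to a file gives a capture that Wireshark opens as three Ethernet/IPv4/TCP frames; the decoder above mirrors, in miniature, the dissection Wireshark performs to show protocol, flags and stream direction.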