CompTIA Security+ Exam Notes


Thursday, August 12, 2021

PROTOCOL / PACKET ANALYZERS

WIRESHARK / TCPDUMP


Wireshark: this is a free download that operates in a GUI format. The sniffer, WinPcap, captures the traffic, and Wireshark is used to analyze it.

With Wireshark, you can capture specific protocols or IP addresses. It offers many options for viewing protocols, flags, and the direction of the data stream.

With Linux, you can use a command-line protocol analyzer, tcpdump. If the capture is saved as a .pcap file, it can then be imported into Wireshark, making it easier to read.

Specific switch ports can be mirrored so that a copy of their traffic is sent to the analyzer. The NIC (Network Interface Card) will need to have promiscuous mode enabled. On a Linux system, this can be enabled with the following command: "ifconfig eth0 promisc".
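To make concrete what a .pcap file written by tcpdump (and opened by Wireshark) actually contains, here is an added example, not code from either tool or from these notes: a small Python reader for the libpcap file format that decodes Ethernet/IPv4/TCP headers enough to show the protocol, endpoints, TCP flags and traffic direction, and a filter that mimics a "host X and port Y" capture filter. The two-packet capture it parses is constructed in the script itself (a SYN from a LAN host to a web server and the SYN/ACK reply), and the 192.168.1.0/24 "local network" used to decide direction is an assumption.

```python
"""Minimal libpcap (.pcap) reader: decodes Ethernet/IPv4/TCP headers from a
constructed two-packet sample.  Added example, not tcpdump/Wireshark code."""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4            # native-order, microsecond-resolution pcap
LINKTYPE_ETHERNET = 1
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_frame(src_ip, dst_ip, sport, dport, tcp_flags):
    """Build a bare Ethernet/IPv4/TCP frame (no payload; checksums left zero)."""
    eth = bytes.fromhex("0011223344550066778899aa") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    # data offset = 5 words, stored in the top 4 bits of the flags word
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                      (5 << 12) | tcp_flags, 65535, 0, 0)
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed sample capture: outbound SYN to port 443 and the SYN/ACK back."""
    header = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [
        (1628769600, 0, build_frame("192.168.1.10", "203.0.113.5", 51000, 443, 0x02)),
        (1628769600, 25000, build_frame("203.0.113.5", "192.168.1.10", 443, 51000, 0x12)),
    ]
    out = bytearray(header)
    for sec, usec, frame in frames:   # per-record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("=IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def parse_pcap(data, local_net="192.168.1.0/24"):
    """Walk the records of a pcap byte string and summarize each packet.

    local_net (assumed) is the LAN side used to label direction."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("=IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a native-order pcap file (pcapng is a different format)")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    net = ipaddress.ip_network(local_net)
    pos, packets = 24, []
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack_from("=IIII", data, pos)
        pos += 16
        frame = data[pos:pos + incl_len]
        pos += incl_len
        info = {"time": sec + usec / 1e6}
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype != 0x0800:                      # non-IPv4: record the EtherType only
            info["proto"] = f"eth:0x{ethertype:04x}"
            packets.append(info)
            continue
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
        proto = frame[23]
        src = ipaddress.IPv4Address(frame[26:30])
        dst = ipaddress.IPv4Address(frame[30:34])
        info.update(proto=PROTO_NAMES.get(proto, str(proto)), src=str(src), dst=str(dst))
        if src in net and dst not in net:
            info["direction"] = "outbound"
        elif dst in net and src not in net:
            info["direction"] = "inbound"
        else:
            info["direction"] = "internal"
        if proto == 6:
            l4 = 14 + ihl
            sport, dport = struct.unpack_from("!HH", frame, l4)
            bits = struct.unpack_from("!H", frame, l4 + 12)[0] & 0x1FF
            info.update(sport=sport, dport=dport,
                        flags=[n for i, n in enumerate(TCP_FLAG_NAMES) if bits & (1 << i)])
        packets.append(info)
    return packets


def filter_packets(packets, host=None, port=None, proto=None):
    """Select packets the way a capture filter such as 'host X and port Y' would."""
    keep = []
    for p in packets:
        if host and host not in (p.get("src"), p.get("dst")):
            continue
        if port and port not in (p.get("sport"), p.get("dport")):
            continue
        if proto and p.get("proto") != proto:
            continue
        keep.append(p)
    return keep


if __name__ == "__main__":
    for p in parse_pcap(build_sample_pcap()):
        print(f"{p['time']:.6f} {p['proto']} {p['src']}:{p.get('sport')} -> "
              f"{p['dst']}:{p.get('dport')} [{','.join(p.get('flags', []))}] {p['direction']}")
```

Running the script prints one tcpdump-style line per packet; pointing `parse_pcap` at the bytes of a real `tcpdump -w` capture works the same way for Ethernet captures, while the error branches show why a pcapng file or a non-Ethernet link type needs a different parser.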
