Wednesday, January 5, 2011

Sniffers - Tool and Softwares: Network Sniffers

There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system.
  • Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console.
  • Packet logger mode logs the packets to the disk.
  • Network intrusion detection mode is the most complex and configurable mode, allowing Snort to analyze network traffic for matches against a user-defined rule set.

The main distribution site for Snort is http://www.snort.org. Snort is distributed under the GNU GPL license by the author Martin Roesch. Snort is a lightweight network IDS, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching.

Snort logs packets in either tcpdump binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the foreign host. In our lab, we start using Snort as a packet sniffer and a packet analyzer. Apart from running in a promiscuous mode, we will also see how it will help us log interesting IPs. Using Snort as a packet sniffer and packet analyzer is an easy process. The man pages are very helpful.
From the command line we set Snort to a verbose display of the packets it sniffs and analyzes. For example, the command given below captures all packets belonging to the class C internal network 192.168.20.0/24 (addresses of the form 192.168.20.*):
C:\>snort -v -d -e -i eth0 -h 192.168.20.0/24 -l log
  • The '-v' switch produces verbose output.
  • The '-d' switch dumps the decoded application layer data.
  • The '-e' switch shows the decoded Ethernet (link layer) headers.
  • The '-i' switch specifies the interface to be monitored for packet analysis.
  • The '-h' switch specifies the home network whose packets are to be captured.
  • The '-l' switch tells Snort to write the packets to the named log directory.
The packets are logged in decoded hex/ASCII format by default (the -b switch changes this to binary) and are sorted by IP address to facilitate easy mapping and decoding of the data.
06/22-16:36:44.959860 0:C1:26:E:AF:10 -> 0:A0:C5:4B:52:FC type:0x800 len:0x4D
192.168.2.96:1629 -> 203.124.250.69:53 UDP TTL:128 TOS:0x0 ID:38429 IpLen:20 DgmLen:63
Len: 43
00 02 01 00 00 01 00 00 00 00 00 00 03 77 77 77  .............www
09 61 69 72 6C 69 6E 65 72 73 03 6E 65 74 00 00  .airliners.net..
01 00 01                                         ...
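As an added example (not from the original post), here is a small Python parser for the decoded record format shown above: it pulls the addresses out of the IP header line, reassembles the hex dump into bytes, and decodes the DNS question, which is how a defender turns sniffer output into a list of queried names. The sample record is constructed from the dump above; the layout assumption is that each dump line starts with two-digit hex bytes and ends with the ASCII column.

```python
import re

# Constructed sample record in Snort's decoded ASCII format (-v -d -e), modelled on the dump above.
SAMPLE_RECORD = """\
06/22-16:36:44.959860 0:C1:26:E:AF:10 -> 0:A0:C5:4B:52:FC type:0x800 len:0x4D
192.168.2.96:1629 -> 203.124.250.69:53 UDP TTL:128 TOS:0x0 ID:38429 IpLen:20 DgmLen:63
Len: 43
00 02 01 00 00 01 00 00 00 00 00 00 03 77 77 77  .............www
09 61 69 72 6C 69 6E 65 72 73 03 6E 65 74 00 00  .airliners.net..
01 00 01                                         ...
"""

IP_LINE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (\w+) TTL:(\d+)")
HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")

def parse_record(text: str) -> dict:
    """Parse one decoded Snort record into header fields plus the raw payload bytes."""
    rec, payload = {}, bytearray()
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            src, sport, dst, dport, proto, ttl = m.groups()
            rec.update(src=src, sport=int(sport), dst=dst, dport=int(dport), proto=proto, ttl=int(ttl))
            continue
        toks = line.split()
        if toks and HEX_BYTE.fullmatch(toks[0]):
            # Hex column: at most 16 bytes per line; stop at the first non-byte token (ASCII column).
            for tok in toks[:16]:
                if not HEX_BYTE.fullmatch(tok):
                    break
                payload.append(int(tok, 16))
    if "src" not in rec:
        raise ValueError("no IP header line found")
    rec["payload"] = bytes(payload)
    return rec

def dns_question(payload: bytes) -> tuple:
    """Return (qname, qtype, qclass) of the first question in a DNS message (plain labels only)."""
    if len(payload) < 12 or int.from_bytes(payload[4:6], "big") < 1:
        raise ValueError("not a DNS message with a question section")
    pos, labels = 12, []
    while pos < len(payload) and payload[pos] != 0:
        ln = payload[pos]
        if ln & 0xC0 or pos + 1 + ln > len(payload):
            raise ValueError("compressed or truncated question name")
        labels.append(payload[pos + 1:pos + 1 + ln].decode("ascii", "replace"))
        pos += 1 + ln
    pos += 1  # skip the terminating zero-length label
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    return (".".join(labels), int.from_bytes(payload[pos:pos + 2], "big"),
            int.from_bytes(payload[pos + 2:pos + 4], "big"))
```

Running `dns_question(parse_record(SAMPLE_RECORD)["payload"])` on the constructed record yields the queried name www.airliners.net with type 1 (A) and class 1 (IN).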
