On Feb 24, 2006, at 10:19 PM, Bilal Abdullah Fakhruddin wrote:
Hello,
Recently I am facing problems in my network. Sometimes the network
is fast
and sometimes it is slow. Im a bit familiar with Ethereal, but i
dont know
what I am looking for. Could anybody help me out by pointing out
where i
could start or to any documents available? Thanks in advance.
Regards,
Bilal
You need to start with a baseline or failing that, be prepared to
grab packets during a "slow" period. Remember that a sniffer in a
switched network is subject to the same limits as any other device,
it will only see broadcast packets and packets destined to it. So you
need to "mirror" or "monitor" a port or ports or VLAN. The other
option is to find a link where traffic funnels to and stick a passive
tap or hub in-between the endpoints. I have a network where I keep
three different cables patched and ready to go at a moments notice.
Right now I'm testing Lanhound since it will let you have remote
sniffers feeding back to the master. It is a design much like
Distributed Sniffer from NAI/Network General but it's ALOT cheaper :)
For the initial captures, catch everything, no filters except your
own MAC. Always filter out your own MAC address.
For more information, wander by http://www.packet-level.com/ where
Laura Chappell has some excellent papers, tutorials and more for
folding, spindling and mutilating packets :)
MikeS
hackamac.packetattack.com
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
