Impossible sniffing....

Status
Not open for further replies.

telep

IS-IT--Management
Dec 1, 2005
I have to sniff the entire LAN to verify clients' Internet requests.
I used many software packages with no results.
In fact, the software finds only Internet requests that come from my PC (where I've installed the sniffers).
The LAN includes one core switch and more switches (stack configured).
How can I do this?
 
Use Ethereal or Packetyzer on your PC/Laptop. Both are freeware (GNU-GPL).
Set up a SPAN port on your Core switch, where the source is the connection to your Internet router, and the destination is the port where your PC/laptop is connected.
(I assume that your Internet connection is connected to the Core switch)

When sniffing using Packetyzer, go to the "Protocols" and right-click Hypertext Transfer Protocol, and select "Show Packets". Single click on the "Summary" header, again single click on the "Summary" header. Now you see a list of HTTP GET and/or HTTP POST entries.

When sniffing using Ethereal, stop the trace. In the "Filter:" field, enter HTTP and click Apply.
Single click the "Info" header, again single click the "Info" header. Now you see a list of GET and/or POST entries.
(click on Clear to get back the original trace).

Happy hunting.
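
The GET/POST listing described in the reply above can also be produced offline from a capture saved on the SPAN destination port. The following is an added example, not part of the original post: a standard-library Python parser for classic pcap files that returns client IP, method, host and path for each cleartext HTTP request. The function names and the two-packet sample capture are constructed for illustration.

```python
import io
import socket
import struct

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"CONNECT ")

def http_requests(pcap_bytes):
    """Return (client_ip, method, host, path) for each cleartext HTTP request."""
    f = io.BytesIO(pcap_bytes)
    magic = f.read(24)[:4]  # 24-byte global header; first 4 bytes give byte order
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    found = []
    while len(rec := f.read(16)) == 16:
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        frame = f.read(incl_len)
        # Ethernet II + IPv4 + TCP only; VLAN-tagged and IPv6 frames are skipped
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20:
            continue
        end = 14 + struct.unpack("!H", frame[16:18])[0]  # IP total length trims padding
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:end]
        if not payload.startswith(METHODS):
            continue
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        method, path = head[0].split(" ")[:2]
        host = next((h[5:].strip() for h in head[1:] if h.lower().startswith("host:")), "")
        found.append((socket.inet_ntoa(frame[26:30]), method, host, path))
    return found

def sample_pcap():
    """Constructed capture: one HTTP GET and one non-HTTP segment (checksums zeroed)."""
    def frame(src, dst, dport, data):
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    pkts = [frame("192.168.1.23", "203.0.113.10", 80,
                  b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
            frame("192.168.1.24", "203.0.113.10", 22, b"SSH-2.0-client\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in pkts:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out
```

Only requests that begin at the start of a TCP segment and travel unencrypted are listed; HTTPS traffic appears on the wire as TLS and is not decoded.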
 
Do as the previous poster said, with the caveat that you may not see everything if you span the entire VLAN, as it is possible you will overrun the SPAN port if you have the entire VLAN spanned down to one port.
 
A surefire way to capture everything is to install a simple hub (not a switch) between your Internet router and your network. But of course this may not be a good long-term solution. But if you have a hub in between your switch and Internet router and plug your Ethereal-enabled PC onto that same hub, then you can see everything that passes through if you set your app to capture in promiscuous mode.
 
That's what I was going to add - make sure you set the software to capture packets in promiscuous mode. This means that ALL traffic will be analyzed, not just traffic destined for or sent from you.

'When all else fails.......read the manual'
 
If you are trying to "verify" users' Internet requests you will be better served by installing a transparent proxy between your router and Internet connection. The transparent proxy will trap every web request and forward it to the desired host. It can log, block certain requests and cache information from commonly visited sites, increasing network throughput (theoretically).

Many firewalls have an integrated transparent proxy. A Linux box with Squid will do it as well. There are many free Linux firewalls available on the net. All you have to do is provide the computer with at least 2 NICs.


pansophic
 