Sniifing the LAN

[SeekerOfKnowledge]

How is it possible to be notified of all the packets that
go through the LAN ? (UDP and TCP)
I understand this involves setting the Network Adapter to
the Promiscuous Mode (maybe I misspelled ?).
What is the API to acheive this ?
I am using WinSock 2 on WinNT 4.0
Thank you

 

[Guest_imported]

Try Ethereal. Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

You can specify whether the interface is to be put in promiscuous mode or not with the Capture packets in promiscuous mode check box.

http://www.ethereal.com/

 

[Guest_imported]

I must also add the following advice: If you are on a switched network, then you cannot capture every frame on the network without configuring the switch equipment for port monitoring (assuming you use IEEE 802.3).

In Cisco 4000/5000 series IOS, you would use the set span command to designate source (monitored) and destination (listening) ports. Here’s an example output from one of my switches:

2948G Core> (enable) set span ?
Usage: set span enable
set span disable
set span <src_mod/src_ports...> <dest_mod/dest_port>
[rx|tx|both] [inpkts <enable|disable>]
set span <src_vlan> <dest_mod/dest_port>
[both] [inpkts <enable|disable>]