Packet sniffers can be set up in 2 main ways:
1, to sniff all traffic that's going in or out from the machine you're on.
2, to sniff all traffic going past a certain point (e.g., out to the internet) on the network.
Most of the time I use it just to see what a PC is doing, who it's talking to, and most importantly what it's sending.
Most packet sniffers I've played with do mostly the same thing: capture packets and let you sort and filter them. Wireshark is perfect for single-PC usage; it's free (and open source for those that care).
I'll list some examples of when I've needed a packet sniffer; not all relate to my work:
1, I wanted to download lots of pictures from Google Street View, from about 2km of highway near my place. I opened Wireshark, opened Google Maps and went to Street View, then looked at the packet sniffer and it told me where it was getting that data from. It also gave me lots of XML files that would tell me the next location to go to, and what picture that used. So I just wrote a script to enumerate through a few hundred of them and save the pictures in order, then I just used Windows Movie Maker to stitch them all together. Ended up looking great.
2, I was setting up a 3rd-party program for one of my clients. This program sent shipping notices to the transport company so they could organise a pickup, but when the program was connecting, it was giving a comms-related error. I ran Wireshark and saw it sent off a request to an FTP location; it authenticated fine, but was failing to store/upload the files. Something I did notice though was that the username and password of course are clear text for FTP, and the password looked generic (not specific to my client). I manually logged on to that site with those credentials and refreshed the page a few times and started to see other people upload shipping notices, and then they would vanish (a bot must be polling every 2 minutes or so), but I could download these files and see them in clear text again. Besides that security problem, it showed me the FTP module did not switch to the right transfer mode before uploading the files. I had to get my firewall guys to make some changes and it all worked.
3, many, many other times: used to see how things work, like the structure of a DNS packet, following HTTP streams (joining the conversation back and forward), detecting broadcast hammers, and just to spy on other people.
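The two FTP observations in example 2, as an added example that is not part of the original post: this Python function audits the client side of an FTP control stream (as you would get from following the TCP stream in a capture) and flags USER/PASS sent without AUTH, plus transfers issued with no preceding PORT/PASV or TYPE. The sample stream, credentials, function name and finding labels are all constructed for illustration.

```python
import re

# Constructed sample: client-to-server lines of one FTP control connection
# (port 21). Username, password and file name are made up.
SAMPLE_STREAM = """\
USER shipping
PASS example-password
CWD /incoming
STOR notice_0001.txt
QUIT
"""

DATA_SETUP = {"PORT", "PASV", "EPRT", "EPSV"}   # commands that set up the data connection
TRANSFERS = {"STOR", "RETR", "APPE", "LIST", "NLST"}

def audit_ftp_control(stream):
    """Return (line_no, finding, detail) tuples for one FTP control stream."""
    findings = []
    tls = False        # set once the client requests AUTH TLS/SSL
    data_mode = None   # last PORT/PASV/EPRT/EPSV seen, consumed by each transfer
    xfer_type = None   # last TYPE argument (A = ASCII, I = binary)
    for n, line in enumerate(stream.splitlines(), 1):
        m = re.match(r"([A-Za-z]{3,4})(?: (.*))?$", line.strip())
        if not m:
            continue
        cmd, arg = m.group(1).upper(), m.group(2) or ""
        if cmd == "AUTH":
            tls = True
        elif cmd in ("USER", "PASS") and not tls:
            # Report that a password crossed the wire, never the password itself.
            shown = arg if cmd == "USER" else "*" * len(arg)
            findings.append((n, "cleartext-" + cmd.lower(), shown))
        elif cmd == "TYPE":
            xfer_type = arg.upper()
        elif cmd in DATA_SETUP:
            data_mode = cmd
        elif cmd in TRANSFERS:
            if data_mode is None:
                findings.append((n, "no-data-setup", cmd + " " + arg))
            if cmd in ("STOR", "RETR", "APPE") and xfer_type is None:
                findings.append((n, "type-not-set", cmd + " " + arg))
            data_mode = None   # each transfer needs a fresh data connection
    return findings

if __name__ == "__main__":
    for line_no, kind, detail in audit_ftp_control(SAMPLE_STREAM):
        print(f"line {line_no}: {kind}: {detail}")
```

A `type-not-set` finding means the server falls back to its default (ASCII) type; whether that or the missing PORT/PASV is the cause of a failed upload still has to be confirmed against the server's replies in the capture.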
It's certainly worth knowing what info you can gather with a packet sniffer; just download and play.
Download it here: http://www.wireshark.org/download.html