

Sniffing Tutorial part 1 - Intercepting Network Traffic

This blog post is the first part of a two-part tutorial that shows how to sniff network traffic. This first part covers how to intercept the traffic, i.e. how to get the packets to arrive at your network card. The second part covers how to best capture the network traffic to disk once you've managed to have them sent to your network card.

I divide the field of network forensics and network security monitoring into two disciplines: capturing (a.k.a. sniffing) the traffic and analyzing the captured traffic.

Analyzing the network traffic can be done on many different levels, from the novice's level where IP addresses and layer 7 protocols are listed to the expert who understands all protocol layers and can investigate traffic packet-by-packet. Network traffic analysis is a field where there is always something more to learn and where nobody, not even an expert like Richard Bejtlich,

Capturing traffic, on the other hand, is more like a craft. It takes a while to learn how to do it properly, but there is not much new to learn once you've gotten the hang of it.

Being able to capture network traffic reliably is, however, essential in order to perform network traffic analysis or network forensics, which is why I decided to write this sniffing tutorial.

Many “n00bs” fire up Wireshark on their own PC expecting to be able to sniff all traffic passing through an Ethernet network. But the 90's are long gone, and all hubs have been replaced by switches, so your NIC nowadays only gets broadcast packets and packets addressed to your NIC. So if you wanna capture traffic from other hosts on the network you somehow need to force that traffic to pass by your NIC. I will here explain some of the most usual ways to achieve this.

active hubs) are hard to find these days, but if you're fortunate enough to own one of those old jewels then make sure to hold on to it. You might also get lucky and find a used hub on eBay. These beauties repeat all Ethernet frames arriving at one port to all the other ports on the hub, which is just what we want in order to sniff all the traffic.
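
An added example (not from the original post): a Python check that reads a classic pcap file and counts how many Ethernet frames were neither broadcast/multicast nor sent to or from your own NIC, which tells you whether your capture point behaves like the switch port or the hub described above. The function names, MAC addresses and the two sample captures are constructed for illustration.

```python
import struct

# Classic pcap magic numbers (micro- and nanosecond variants) mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def classify_frames(pcap_bytes, my_mac):
    """Count Ethernet frames in a classic pcap by who they were meant for."""
    endian = MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts = {"mine": 0, "broadcast_multicast": 0, "other_hosts": 0, "truncated": 0}
    offset = 24  # first record header follows the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:  # too short to hold an Ethernet header
            counts["truncated"] += 1
            continue
        dst, src = frame[0:6], frame[6:12]
        if dst[0] & 0x01:  # group bit set: broadcast or multicast
            counts["broadcast_multicast"] += 1
        elif my_mac in (dst, src):  # sent to or from the capturing NIC
            counts["mine"] += 1
        else:  # unicast between two other hosts
            counts["other_hosts"] += 1
    return counts

def build_pcap(frames):
    """Wrap raw frames in a little-endian pcap (used for the constructed samples)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def eth(dst, src):  # minimal IPv4-typed frame with a zeroed 46-byte payload
    return dst + src + b"\x08\x00" + bytes(46)

# Constructed sample data: locally administered MACs, not real hosts.
MY_MAC, HOST_A, HOST_B = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3))
FRAMES = [eth(MY_MAC, HOST_A), eth(HOST_A, MY_MAC), eth(b"\xff" * 6, HOST_A)]
SWITCH_PORT = build_pcap(FRAMES)                        # what a plain switch port delivers
HUB_PORT = build_pcap(FRAMES + [eth(HOST_B, HOST_A)])   # hub also repeats A -> B unicast

if __name__ == "__main__":
    print(classify_frames(SWITCH_PORT, MY_MAC), classify_frames(HUB_PORT, MY_MAC))
```

On a real switch port a few `other_hosts` frames can still show up, because a switch floods unicast frames whose destination MAC it has not learned yet.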
