IT Answers » Packet Sniffing

WEP password cracking without SSID

NewnanIT — Wed, 20 Apr 2011 14:49:08 +0000

Can a WEP password really be cracked in under 5 minutes with a packet sniffer? Is this true even if the site does not have a SSID?

Packet Filtering information required

Jagdish — Thu, 11 Jun 2009 10:18:30 +0000

Hi, One of our PC which is running on REDHat is sending SMTP packets to the firewall. Though the firewall drops the packet, it logs the same. We wanted to know :
1. IF we have to run a packet capture tool, where do we run ? – on the firewall or the PC ?
2. We ran network monitoring tool, but did not find any service / application on the rouge PC that is sending smtp packets. How do I trace back to the service / application ?

Thanks in advance

Regards

Jagdish

Inbound traffic is coming from router IP, not internet IP. Why?

Robert579 — Wed, 11 Feb 2009 06:24:44 +0000

Hello, thank you for your time.
I have recently noticed a strange occurence going on with inbound traffic.
The other day, I helped my friend set up his network. icmp ping was good. while sniffing, I first noticed inbound tcp traffic to me was not coming from my friend’s IP address, but coming from my switch. (we used a simple udp tunnel to connect the LANs)
I tested it using GRC.com’s shieldsup utility. My port tested closed, which was the proper setting for the test. The packet trace indicated a ton of https traffic during grc.com visit between me and grc.com, then two small syn and syn+ack packets in the middle, the syn of which was grc.com’s test packet. The problem is, that syn packet said it came from my home switch IP, not a grc.com IP. My syn+ack response, the second packet, also had the router ip as the destination address, yet grc picked it up as a closed port indication. My question is, even though traffic seems to behave correctly for the most part, why is my network spy v2.0 seeing all inbound traffic as originating from my router, not the internet IP it did come from? (it used to indicate the internet host the traffic came from. i have not tried a second sniffer.)
The behavior confuses apps. using hamachi, when my friend logs in, hamachi indicates the tunnel is up on my router’s ip, not his ip, a departure from previous behavior. I am using cox cable internet, which does block many typical service ports. I don’t know if this is another way the isp found to hose up inbound traffic.

Is it necessary to be connected to sniff traffic over a wired network?

Rahul Shrivastava — Fri, 09 Jan 2009 07:09:50 +0000

Is it necessary to be connected to sniff traffic over a wired network?

Solutions for sniffing?

Rahul Shrivastava — Mon, 05 Jan 2009 06:29:03 +0000

Hello Guys.
Can anybody help me know that how to protect traffic from being sniffed? One solution is encryption, anything else ?

Your answers awaited.
Cheers.
Rahul

Need help with packet sniffing

NetworkingATE — Thu, 11 Dec 2008 20:14:27 +0000

I am doing a sniffer project but I have one problem. This program only receives our host-related packets. I need to know how to receive all packets in the transmission medium. Can anyone help?