Maddogsa Sep 13, 2006   9:26 AM GMT

Our organization has been using Etherpeek - www.wildpackets.com now Omnipeek for a long time -solid product you may want to check them out.

0 pointsBadges:

PDMeat Sep 13, 2006   12:40 AM GMT

Ethereal is a great tool as mentioned. I've not tried etherpeek. Another option for Microsoft OS laptop would be netmon. You can get it to work on XP and windows 2003 servers and it's free. One thing you'll want to learn in a hurry is how to use filtering as networks are very chatty when using these tools- it's easy to get inundated. Just put filters on for the protocols or IPs that you're concerned about and you'll ge a nice picture.

0 pointsBadges:

Magichut Sep 13, 2006   1:17 PM GMT

What Operating system are you using? What kind of data are you looking for. Ethereal and Etherpeek are good products. You can also use things like windump, netmon ( I believe it was mentioned already) or if you want to structure your captures, be able to go through them and search for specific types, size, where it's going (for customer sales) then I would suggest snort or winsnort. With Snort you can drop your scan into a db file and parse it for specific data (I.E. messenger packets, etc..) If your using wireless then maybe airsnort, or network stumbler. If your looking for password captures then L0pht or Cain and Able. Yes there are a lot out there, find your need and narrow it down and you should find a few good tools to use. If your looking for good recommendations, start at www.sans.org click on their resources link, grab a big cup of Joe, and read til your eyes fall out :) Have fun, Eric

0 pointsBadges:

Astronomer Sep 13, 2006   1:35 PM GMT

For the monitoring part when you don't actually have to see the packet body, I would try ntop. It has been very useful for us. rt

15 pointsBadges: