|
|
(8 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | ==What it is==
| + | Packet sniffing is essentially eavesdropping on a network interface usually set to promiscuous mode. |
| + | Packet sniffing is also used in conjuction with [[ARP]] [[spoofing]] to perform [[MITM]] attacks. |
| + | |
| + | See also [[tcpdump]], [[ethereal]] and [[dsniff]]. |
| | | |
− | Packet sniffing is essentially eavesdropping on a network interface.
| + | [[Category:FreeBSD Terminology]] |
− | | + | |
− | ==tcpdump==
| + | |
− | | + | |
− | The granddaddy of all packet sniffers, [[tcpdump]] will be found on just about any unix system you're likely to encounter.
| + | |
− | | + | |
− | Common options:
| + | |
− | -c ''number'' "sniff this many packets". By default, tcpdump will sniff until you tell it not to. Using this flag will cause it to stop at a certain number of packets
| + | |
− | -i ''interface''"listen on this interface". If you want traffic from just one network interface, you want to use this option.
| + | |
− | -a "convert IPs to names if you can"
| + | |
− | -w ''filename'' "write this to a file". you must give a filename to write to.
| + | |
− | -q "don't be so verbose" -- strips more protocol information
| + | |
− | | + | |
− | [[tcpdump]] understands boolean operators (and not or, etc) and can take hostnames, IPs, networks and protocols as arguments. The output is terse and hard to understand if you don't know what you're looking at or for; for this reason many folks prefer friendlier front-ends to tcp, such as ethereal.
| + | |
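Review bot: the added line "Packet sniffing is also used in conjuction with [[ARP]] [[spoofing]] to perform [[MITM]] attacks." misspells "conjunction"; fix the typo before it lands in the article. The removed tcpdump option summary (-c, -i, -a, -w, -q and the note on boolean filter expressions) is content the new "See also [[tcpdump]]" link implies the reader can still find; make sure it survives on the [[tcpdump]] page rather than being lost with this revision.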
Packet sniffing is essentially eavesdropping on a network interface, usually one set to promiscuous mode.
Packet sniffing is also used in conjunction with ARP spoofing to perform MITM attacks.
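As an added illustration of the ARP-spoofing risk the definition mentions, here is a defender-side check written for this page (it is not part of the wiki article or its revision history). It parses raw Ethernet/ARP frames the way a sniffer on a promiscuous interface would see them and flags an IP address that is claimed by two different MAC addresses, which is the footprint of an ARP-spoofing MITM. All frames, addresses and function names below are constructed for the example.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Wire formats (network byte order): Ethernet header and a 28-byte IPv4 ARP body.
ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
ARP_REPLY = 2
BROADCAST_MAC = b"\xff" * 6


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp_frame(frame: bytes) -> Optional[Tuple[str, str, int]]:
    """Return (sender_ip, sender_mac, opcode) for an Ethernet/IPv4-ARP frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    # Only Ethernet (htype 1) carrying IPv4 (ptype 0x0800) with 6-byte MACs and 4-byte IPs.
    if htype != 1 or ptype != ETHERTYPE_IPV4 or hlen != 6 or plen != 4:
        return None
    return ip_str(spa), mac_str(sha), oper


def detect_arp_conflicts(frames: List[bytes]) -> List[Tuple[str, str, str]]:
    """Track IP -> MAC from ARP replies; report (ip, first_mac, conflicting_mac) on a change."""
    table: Dict[str, str] = {}
    alerts: List[Tuple[str, str, str]] = []
    for frame in frames:
        parsed = parse_arp_frame(frame)
        if parsed is None:
            continue                          # not ARP, or truncated/malformed: ignore
        ip, mac, oper = parsed
        if oper != ARP_REPLY:
            continue                          # requests carry no claim worth caching here
        known = table.setdefault(ip, mac)     # first sighting wins; later ones are compared
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts


def sample_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build a constructed ARP reply frame used only as sample sniffer input for this example."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    spa = bytes(int(o) for o in sender_ip.split("."))
    tpa = bytes(int(o) for o in target_ip.split("."))
    return (ETH_HDR.pack(tha, sha, ETHERTYPE_ARP)
            + ARP_HDR.pack(1, ETHERTYPE_IPV4, 6, 4, ARP_REPLY, sha, spa, tha, tpa))


# Constructed capture: the gateway 192.168.1.1 legitimately answers from aa:..., a host
# 192.168.1.20 answers from cc:..., a non-ARP IPv4 frame goes by, and then a second
# reply claims 192.168.1.1 from bb:... (the spoofing footprint a defender wants flagged).
SAMPLE_FRAMES = [
    sample_arp_reply("aa:aa:aa:aa:aa:aa", "192.168.1.1", "cc:cc:cc:cc:cc:cc", "192.168.1.20"),
    sample_arp_reply("cc:cc:cc:cc:cc:cc", "192.168.1.20", "aa:aa:aa:aa:aa:aa", "192.168.1.1"),
    ETH_HDR.pack(BROADCAST_MAC, b"\xcc" * 6, ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 40,
    sample_arp_reply("bb:bb:bb:bb:bb:bb", "192.168.1.1", "cc:cc:cc:cc:cc:cc", "192.168.1.20"),
]

if __name__ == "__main__":
    for ip, first, other in detect_arp_conflicts(SAMPLE_FRAMES):
        print(f"ALERT: {ip} was {first}, now claimed by {other}")
```

On a real host the same logic would be fed frames from a promiscuous-mode capture (tcpdump -w output read back, or a raw socket); the parser deliberately drops anything that is not a well-formed IPv4-over-Ethernet ARP reply so a malformed frame cannot poison the table.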