Using a Sniffer: We touched on some of the basics of using a sniffer in the previous section, but now let’s get down and dirty.
Quite a few sniffer packages are available, and they all perform nearly identical functions.
The real advantage of one over another is how robustly it displays the captured data and what options it offers to help you digest and dissect it.
NOTE: In terms of lawful intercept (LI), the sniffing process is typically viewed as having three components. The first is an intercept access point (IAP), which gathers the information for the LI.
The second is a mediation device, supplied by a third party, that handles the bulk of the information processing.
The third is a collection function that stores and processes the information intercepted by the third party.
Sniffing tools are extremely common applications. A few interesting ones are listed here:
Wireshark One of the most widely known and used packet sniffers. Offers a tremendous number of features designed to assist in the dissection and analysis of traffic.
Tcpdump A well-known command-line packet analyzer. Provides the ability to intercept and observe TCP/IP and other packets during transmission over the network. Available at www.tcpdump.org.
WinDump A Windows port of the popular Unix/Linux packet sniffer tcpdump; a command-line tool that is great for displaying header information.
OmniPeek Manufactured by WildPackets, OmniPeek is a commercial product that is the evolution of the product EtherPeek.
Dsniff A suite of tools designed to sniff different protocols with the intent of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and has no complete equivalent on the Windows platform.
EtherApe A Linux/Unix tool designed to graphically display a system’s incoming and outgoing connections.
MSN Sniffer A sniffing utility specifically designed for sniffing traffic generated by the MSN Messenger application.
NetWitness NextGen Includes a hardware-based sniffer, along with other features, designed to monitor and analyze all traffic on a network; a popular tool in use by the FBI and other law enforcement agencies.
NOTE: The sniffing tools listed here are only a small portion of the ones available. It is worth your time to investigate some of these, or all if you have the time, to improve your skills.
We spend plenty of time with Wireshark in this article because it is the recognized leader. Anything you learn with this sniffer will work with the others; it's just a matter of learning a new interface.
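Whichever tool you pick, it does the same three things: it captures raw frames, stores them in a capture file, and walks the headers layer by layer to build the protocol tree you see on screen. The following is an added example written for this article (it is not code from Wireshark, tcpdump or any other tool listed above) that does all three in plain Python: it builds an Ethernet/IPv4/TCP frame carrying a constructed FTP login, writes it as a classic libpcap file that Wireshark or tcpdump can open, reads it back, dissects the headers (verifying both checksums the way Wireshark does), and pulls the plaintext credentials out of the payload the way dsniff would. The MAC addresses, the 192.0.2.x addresses, the `alice`/`hunter2` login and the file name are all made up for the demonstration.

```python
"""Added example: build a frame, save it as a pcap, dissect it like a sniffer does.
All addresses, ports and the payload are constructed sample data."""
import os
import socket
import struct
import tempfile

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Ethernet II + IPv4 (no options) + TCP (PSH|ACK, no options) + payload."""
    src4, dst4 = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp_len = 20 + len(payload)
    # IPv4: version 4 / IHL 5, DF set, TTL 64, protocol 6 (TCP); checksum filled in below
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234,
                               0x4000, 64, 6, 0, src4, dst4))
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    # TCP: data offset 5 words, flags PSH|ACK (0x18); checksum covers the pseudo-header too
    tcp = bytearray(struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                                (5 << 12) | 0x18, 65535, 0, 0)) + payload
    pseudo = src4 + dst4 + struct.pack("!BBH", 0, 6, tcp_len)
    tcp[16:18] = struct.pack("!H", inet_checksum(pseudo + bytes(tcp)))
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")  # EtherType IPv4
    return eth + bytes(ip) + bytes(tcp)


def write_pcap(path: str, frames) -> None:
    """Write a classic libpcap file (link type 1 = Ethernet) that Wireshark/tcpdump open."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, frame in enumerate(frames):
            f.write(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path: str) -> list:
    """Read every record back and return the raw frames."""
    frames = []
    with open(path, "rb") as f:
        if struct.unpack("<I", f.read(4))[0] != 0xA1B2C3D4:
            raise ValueError("unexpected pcap magic")
        f.read(20)  # remainder of the 24-byte global header
        while len(rec := f.read(16)) == 16:
            _, _, incl_len, _ = struct.unpack("<IIII", rec)
            frames.append(f.read(incl_len))
    return frames


def dissect(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/TCP and return the per-layer fields a sniffer would display."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, s4, d4 = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if proto != 6:
        raise ValueError("only TCP is handled in this example")
    tcp = ip[ihl:total_len]
    # A header whose checksum field is intact sums to zero when re-checksummed
    ip_ok = inet_checksum(ip[:ihl]) == 0
    tcp_ok = inet_checksum(s4 + d4 + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) == 0
    sport, dport, seq, ack, off_flags, win, _, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    flags = "|".join(name for bit, name in TCP_FLAG_NAMES if off_flags & bit)
    return {
        "eth": {"src": src.hex(":"), "dst": dst.hex(":")},
        "ip": {"src": socket.inet_ntoa(s4), "dst": socket.inet_ntoa(d4),
               "ttl": ttl, "checksum_ok": ip_ok},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "flags": flags, "window": win, "checksum_ok": tcp_ok},
        "payload": tcp[data_off:],
    }


def find_plaintext_credentials(payload: bytes) -> dict:
    """Pull USER/PASS lines out of an FTP-style payload, as a dsniff-style tool would."""
    creds = {}
    for line in payload.decode("ascii", "replace").splitlines():
        cmd, _, arg = line.partition(" ")
        if cmd.upper() in ("USER", "PASS"):
            creds[cmd.upper()] = arg
    return creds


def demo(path: str = None) -> dict:
    """Build one frame, save it, reload it and dissect it; returns the dissection."""
    path = path or os.path.join(tempfile.gettempdir(), "sniff_demo.pcap")  # assumed location
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", "192.0.2.10", "192.0.2.20",
                        40000, 21, b"USER alice\r\nPASS hunter2\r\n")  # constructed login
    write_pcap(path, [frame])
    info = dissect(read_pcap(path)[0])
    info["credentials"] = find_plaintext_credentials(info["payload"])
    return info


if __name__ == "__main__":
    import pprint
    pprint.pprint(demo())
```

Open the generated `sniff_demo.pcap` in Wireshark (or run `tcpdump -r` on it) and compare its protocol tree with the dictionary this prints; the IP and TCP checksums should both show as correct. The credential scrape at the end is the whole reason cleartext protocols matter to a sniffer: nothing here decrypts anything, it just reads what the protocol put on the wire.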