I have a few questions for the traffic analysis and network administration. I know there are a lot of system admins here and someone can shed some light on these for sure.
I have a router, cable dsl and 3 machines connected in the intranet via wireless cards and 1 via ethernet via router. I have the following questions. One is the Linux box and others are Windows boxes running XP.
1. From the Linux box, if I try to run nmap I can see open ports of all other machines, which is fine. Is there any other tool for port scanning and seeing what services/programs are running on these Windows boxes?
2. Let's say I want to administer packets at the router level and want to see which packet is going to which machine (both to and fro), what tools/tips and techniques are recommended for the same?
Thanks a Lot, Regards, Rebel
On Mon, 7 Mar 2005 01:27:24 -0800 (PST), Rebel <rebel_student@yahoo.com> wrote:
> I have a few questions for the traffic analysis and network administration. I know there are a lot of system admins here and someone can shed some light on these for sure.
> I have a router, cable dsl and 3 machines connected in the intranet via wireless cards and 1 via ethernet via router. I have the following questions. One is the Linux box and others are Windows boxes running XP.
> - From the Linux box, if I try to run nmap I can see open ports of all other machines, which is fine. Is there any other tool for port scanning and seeing what services/programs are running on these Windows boxes?
> - Let's say I want to administer packets at the router level and want to see which packet is going to which machine (both to and fro), what tools/tips and techniques are recommended for the same?
> Thanks a Lot, Regards, Rebel
You can use netcat to scan ports
nc -v -w 1 <IP> -z 1-1024
ettercap and ethereal are quite cool to see the packets to and fro.
On Monday 07 March 2005 03:27, Rebel wrote:
> I have a few questions for the traffic analysis and network administration. I know there are a lot of system admins here and someone can shed some light on these for sure.
> I have a router, cable dsl and 3 machines connected in the intranet via wireless cards and 1 via ethernet via router. I have the following questions. One is the Linux box and others are Windows boxes running XP.
> - From the Linux box, if I try to run nmap I can see open ports of all other machines, which is fine. Is there any other tool for port scanning and seeing what services/programs are running on these Windows boxes?
> - Let's say I want to administer packets at the router level and want to see which packet is going to which machine (both to and fro), what tools/tips and techniques are recommended for the same?
> Thanks a Lot, Regards, Rebel
iptraf, ethereal, tcpdump are all good packet capture applications. Snort ( www.snort.org ), an intrusion detection application, makes very good guesses about what's running on other machines and another, named Nessus ( www.nessus.org ), is rather informative too. Ntop ( http://www.ntop.org/ntop.html ) will show you a fancy breakdown of your network traffic by machine/protocol/application etc.
Regards, Mike Klinke
Don't forget tethereal, the text version of ethereal; it is very fast.
Marc
On Mon, 7 Mar 2005 07:39:55 -0600, Mike Klinke <lsomike@futzin.com> wrote:
> On Monday 07 March 2005 03:27, Rebel wrote:
> > I have a few questions for the traffic analysis and network administration. I know there are a lot of system admins here and someone can shed some light on these for sure.
> > I have a router, cable dsl and 3 machines connected in the intranet via wireless cards and 1 via ethernet via router. I have the following questions. One is the Linux box and others are Windows boxes running XP.
> > - From the Linux box, if I try to run nmap I can see open ports of all other machines, which is fine. Is there any other tool for port scanning and seeing what services/programs are running on these Windows boxes?
> > - Let's say I want to administer packets at the router level and want to see which packet is going to which machine (both to and fro), what tools/tips and techniques are recommended for the same?
> > Thanks a Lot, Regards, Rebel
> iptraf, ethereal, tcpdump are all good packet capture applications. Snort ( www.snort.org ), an intrusion detection application, makes very good guesses about what's running on other machines and another, named Nessus ( www.nessus.org ), is rather informative too. Ntop ( http://www.ntop.org/ntop.html ) will show you a fancy breakdown of your network traffic by machine/protocol/application etc.
> Regards, Mike Klinke
> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
On Mon, March 7, 2005 1:27 am, Rebel said: [..]
> - Let's say I want to administer packets at the router level and want to see which packet is going to which machine (both to and fro), what tools/tips and techniques are recommended for the same?
Check into tcpdump and ethereal. These are essentially packet capture programs, as is snort. You can add modules to the latter to make it an IDS.
You want to make sure you're either on a promiscuous port on a switch, or connected to a hub. The reason being, switches don't typically repeat signals across all ports unless they have the ability to do so (higher end switches). Hubs are simply signal repeaters, which means nodes connected to a hub see packets/datagrams even though the destination is another node.
On Mon, 2005-03-07 at 09:56, Matt Florido wrote:
> On Mon, March 7, 2005 1:27 am, Rebel said: [..]
> > - Let's say I want to administer packets at the router level and want to see which packet is going to which machine (both to and fro), what tools/tips and techniques are recommended for the same?
> Check into tcpdump and ethereal. These are essentially packet capture programs, as is snort. You can add modules to the latter to make it an IDS.
> You want to make sure you're either on a promiscuous port on a switch, or connected to a hub. The reason being, switches don't typically repeat signals across all ports unless they have the ability to do so (higher end switches). Hubs are simply signal repeaters, which means nodes connected to a hub see packets/datagrams even though the destination is another node.
All of those tools are very good. (ethereal, tcpdump, snort, iptraf, ntop, nessus etc)
In order of usefulness/importance I would say ethereal, nmap, nessus, ntop. Snort is good if you want a network intrusion detection system, but can be cumbersome to set up.
ettercap is very good as well and can in some cases be used to sniff switches using a few different methods.
And since you are running wireless connections don't forget kismet and gkismet. That tool will forever convince you that nothing on wireless should be run outside of ssh or VPN even with WEP enabled.
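
One way to get the per-machine "to and fro" view asked about in question 2 from tcpdump's text output, as an added example that is not part of the original thread. The LAN range 192.168.1.0/24, the function name `per_host` and the sample lines (written in the style of `tcpdump -nn -q` output) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -nn -q` text output (not a real capture).
SAMPLE = """\
09:15:01.000101 IP 192.168.1.10.51514 > 192.168.1.1.53: UDP, length 32
09:15:01.000950 IP 192.168.1.1.53 > 192.168.1.10.51514: UDP, length 48
09:15:01.120000 IP 192.168.1.10.40022 > 203.0.113.7.80: tcp 0
09:15:01.180000 IP 192.168.1.10.40022 > 203.0.113.7.80: tcp 310
09:15:01.260000 IP 203.0.113.7.80 > 192.168.1.10.40022: tcp 1448
09:15:02.000000 ARP, Request who-has 192.168.1.12 tell 192.168.1.1, length 28
09:15:02.500000 IP 192.168.1.12.137 > 192.168.1.255.137: UDP, length 50
09:15:03.000000 IP 192.168.1.11 > 192.168.1.1: ICMP echo request, id 7, seq 1, length 64
"""

# "<time> IP <src>[.port] > <dst>[.port]: <summary>"; the port is absent for ICMP.
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?: (.*)$")
# Quiet mode prints "tcp <len>" for TCP and "..., length <len>" for UDP/ICMP.
LENGTH = re.compile(r"(?:^tcp |length )(\d+)\s*$")


def per_host(text, lan="192.168.1.0/24"):
    """Return (stats, skipped): per-LAN-address counters and the non-IPv4 line count."""
    net = ipaddress.ip_network(lan)  # assumed LAN range; adjust to the router's subnet
    stats = defaultdict(lambda: {"tx_pkts": 0, "tx_bytes": 0, "rx_pkts": 0, "rx_bytes": 0})
    skipped = 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:  # ARP, IPv6 or truncated lines are counted, not guessed at
            skipped += 1
            continue
        src, dst, summary = m.groups()
        size = LENGTH.search(summary)
        nbytes = int(size.group(1)) if size else 0  # payload length as printed by tcpdump
        # Count the packet once per LAN endpoint so both directions are visible.
        for addr, direction in ((src, "tx"), (dst, "rx")):
            if ipaddress.ip_address(addr) in net:
                stats[addr][direction + "_pkts"] += 1
                stats[addr][direction + "_bytes"] += nbytes
    return dict(stats), skipped


if __name__ == "__main__":
    hosts, skipped = per_host(SAMPLE)
    for addr in sorted(hosts, key=ipaddress.ip_address):
        print(addr, hosts[addr])
    print("non-IPv4 lines skipped:", skipped)
```

The tally only covers what the capturing interface can see: on a switched network, capture on the router or a mirrored port as described in the thread, otherwise it shows just the capturing host's own traffic and broadcasts.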