    A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes and analyzes its content layer by layer (link, network, transport, application) according to the appropriate RFC or other specifications.


    On wired broadcast LANs, depending on the network structure (hub or switch), one can capture traffic on all or just parts of the network from a single machine within the network. A hub repeats every frame to every port, so any machine on it can capture everything; a switch forwards a unicast frame only to the port that owns its destination MAC address, so a sniffer on an ordinary switch port sees only its own traffic plus broadcast and flooded frames. However, there are some methods to avoid this traffic narrowing by switches and gain access to traffic from other systems on the network (e.g. ARP spoofing, which redirects other hosts' traffic through the sniffing machine). For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port (a mirror or SPAN port), whose purpose is to mirror all packets passing through all ports of the switch when systems (computers) are connected to a switch port.

    On wireless LANs, one can capture traffic on a particular channel; a single radio listens to only one channel at a time, so capturing several channels requires either channel hopping or several adapters.

    On wired broadcast and wireless LANs, to capture traffic other than unicast traffic sent to the machine running the sniffer software, multicast traffic sent to a multicast group to which that machine is listening, and broadcast traffic, the network adapter being used to capture the traffic must be put into promiscuous mode; some sniffers support this, others don't (capture tools built on libpcap, such as tcpdump and Wireshark, enable it by default, and tcpdump's -p option disables it). On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set for which the adapter is configured will usually be ignored. To see those packets, the adapter must be in monitor mode, in which it passes up raw 802.11 frames, including management and control frames, without being associated to any access point.


    The versatility of packet sniffers means they can be used to:

    • Analyze network problems

    • Detect network intrusion attempts

    • Detect network misuse by internal and external users

    • Document regulatory compliance by logging all perimeter and endpoint traffic

    • Gain information for effecting a network intrusion

    • Isolate exploited systems

    • Monitor WAN bandwidth utilization

    • Monitor network usage (including internal and external users and systems)

    • Monitor data-in-motion

    • Monitor WAN and endpoint security status

    • Gather and report network statistics

    • Filter suspect content from network traffic

    • Serve as primary data source for day-to-day network monitoring and management

    • Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)

    • Reverse engineer proprietary protocols used over the network

    • Debug client/server communications

    • Debug network protocol implementations

    • Verify adds, moves and changes

    • Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter, proxy)
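    As an added worked example (not code from the original article or from any particular sniffer), the following Python script ties together two points made above: the receive-filter rule from the promiscuous-mode paragraph (which destination MAC addresses a non-promiscuous adapter delivers to the host) and the "collect sensitive information such as passwords" use from the list. It decodes an Ethernet II / IPv4 / TCP frame according to RFC 791 and RFC 793, verifies the IP header checksum, and pulls an HTTP Basic credential (RFC 7617) out of a cleartext payload. The sample frame, the 02:00:00:00:00:xx MAC addresses and the 192.0.2.0/24 addresses are constructed for the example; the decoder assumes Ethernet II framing as delivered by a wired capture or a wireless adapter in managed mode.

```python
import base64
import re
import socket
import struct

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def frame_class(dst_mac, local_mac, joined_groups=()):
    """Classify a frame by destination MAC the way a NIC receive filter does.
    Without promiscuous mode only 'unicast-local', 'broadcast' and
    'multicast-joined' frames are passed up to the host."""
    if dst_mac == BROADCAST_MAC:
        return "broadcast"
    if dst_mac[0] & 0x01:  # I/G bit set: group (multicast) address
        return "multicast-joined" if dst_mac in joined_groups else "multicast-other"
    return "unicast-local" if dst_mac == local_mac else "unicast-other"


def needs_promiscuous(cls):
    return cls in ("unicast-other", "multicast-other")


def ip_checksum(header):
    """RFC 1071 ones'-complement sum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_ethernet(frame):
    """Ethernet II: dst(6) src(6) ethertype(2), then payload."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def decode_ipv4(data):
    """RFC 791 header; honours IHL (options) and Total Length (drops pad bytes)."""
    vihl, _tos, total_len, _ident, _ff, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    ihl = (vihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "checksum_ok": ip_checksum(data[:ihl]) == 0, "payload": data[ihl:total_len]}


def decode_tcp(segment):
    """RFC 793 header; Data Offset is the header length in 32-bit words."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "payload": segment[(off_flags >> 12) * 4:]}


BASIC_AUTH = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)


def cleartext_credentials(payload):
    """Recover user:password from an HTTP Basic header sent without TLS (RFC 7617)."""
    m = BASIC_AUTH.search(payload)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:
        return None


def analyze(frame, local_mac, joined_groups=()):
    """What a sniffer running on the host with `local_mac` learns from one frame."""
    dst, _src, ethertype, payload = decode_ethernet(frame)
    cls = frame_class(dst, local_mac, joined_groups)
    result = {"class": cls, "needs_promiscuous": needs_promiscuous(cls)}
    if ethertype != ETHERTYPE_IPV4:
        return result
    ip = decode_ipv4(payload)
    result.update(src=ip["src"], dst=ip["dst"], checksum_ok=ip["checksum_ok"])
    if ip["proto"] != IPPROTO_TCP:
        return result
    tcp = decode_tcp(ip["payload"])
    result.update(sport=tcp["sport"], dport=tcp["dport"],
                  credentials=cleartext_credentials(tcp["payload"]))
    return result


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, app_data):
    """Constructed test frame (TCP checksum left zero; the decoder does not check it)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 1, (5 << 12) | 0x18, 65535, 0, 0) + app_data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in header checksum
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


# Constructed sample: host .10 logs in to an intranet web server .80 over plain HTTP,
# while our sniffer runs on a third machine (LOCAL_MAC) on the same LAN.
LOCAL_MAC = bytes.fromhex("020000000001")
HTTP_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:password123") + b"\r\n\r\n")
SAMPLE_FRAME = build_frame(bytes.fromhex("020000000003"), bytes.fromhex("020000000002"),
                           "192.0.2.10", "192.0.2.80", 51000, 80, HTTP_REQUEST)

if __name__ == "__main__":
    print(analyze(SAMPLE_FRAME, LOCAL_MAC))
```

    Run stand-alone, the script reports the sample frame as "unicast-other" with needs_promiscuous set: on a switched LAN the sniffing host would not be offered this frame at all without promiscuous mode and some way (ARP spoofing or a mirror port) of getting it onto its switch port, and with the adapter in normal mode the NIC would drop it before any socket saw it. The credential is only recoverable because the request is plain HTTP; behind TLS the same decoder would stop at the TCP payload, which is the "depending on any content encryption methods" caveat from the list. A monitor-mode wireless capture presents raw 802.11 frames (usually behind a radiotap header) rather than Ethernet II, so it needs a different first-stage decoder before the IPv4 and TCP steps apply.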


