Best Free Network Analysis Tools
Wednesday, March 10th, 2010 | Author: admin
Introduction
Network analysis tools let you diagnose problems on a computer network or explore every piece of hardware attached to it. They generally fall into three categories:

  • Packet Analyzers
  • Port Scanners
  • Hardware Scanners

Packet analyzers capture and decode the individual frames passing through your computer's network card. Port scanners probe other computers or network devices on the network and report what they find. Hardware scanners discover which devices are on the network and report back what is there. The key difference between a port scanner and a hardware scanner is scope. A port scanner focuses on which ports are open on a host and sometimes tries to identify the service listening on each one. A hardware scanner looks at the bigger picture: what each device is, what it is for and how it interacts with the rest of the network. All of these tools are invaluable for anyone who wants to learn about networking, or who simply wants to find out what is on their network and what each device is doing.

Discussion
Wireshark (formerly Ethereal) has established itself as the de facto packet analyzer. It captures packets on standard Ethernet, PPP and VPN interfaces and decodes them protocol by protocol, so a capture can be filtered down to a single host or a single conversation. I have used it many times to identify people running heavy reports that brought servers to a crawl.
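To make concrete what a packet analyzer does with each captured frame, here is an added example in Python (not code from the original page or from the Wireshark project) that decodes one Ethernet/IPv4/TCP frame: it walks the three headers, verifies the IPv4 header checksum and reports the addresses, ports and TCP flags. The frame is constructed in the code itself; its MAC addresses, IPs and port numbers are arbitrary values chosen for the demonstration, not a real capture.

```python
"""Added example: decode one Ethernet/IPv4/TCP frame the way a packet analyzer does.

The sample frame below is constructed in code, not taken from a real capture;
MAC addresses, IPs and ports are arbitrary values chosen for the demonstration.
"""
import struct

ETH_P_IP = 0x0800   # EtherType for IPv4
IPPROTO_TCP = 6

TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ipv4_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; call with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed TCP SYN from 192.168.1.10:49152 to 192.168.1.20:80."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), ETH_P_IP)
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags=SYN, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip_fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                 bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])]
    ip = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    ip_fields[7] = ipv4_checksum(ip)         # fill in the header checksum
    ip = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    return eth + ip + tcp


def decode_frame(frame: bytes) -> dict:
    """Return the decoded headers; raise ValueError on a truncated or malformed frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "ethertype": ethertype}
    if ethertype != ETH_P_IP:
        return out                           # not IPv4: stop at layer 2
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    header = ip[:ihl]
    expected = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])
    out.update(ip_src=ipv4_str(src_ip), ip_dst=ipv4_str(dst_ip), ttl=ttl,
               ip_proto=proto, ip_checksum_ok=(expected == csum))
    if proto != IPPROTO_TCP:
        return out
    tcp = ip[ihl:total_len]                  # trust total_len, not the frame length (padding)
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, win, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off >> 4) * 4
    out.update(tcp_sport=sport, tcp_dport=dport, tcp_seq=seq, tcp_ack=ack, tcp_window=win,
               tcp_flags=[name for bit, name in TCP_FLAG_NAMES if flags & bit],
               payload_len=max(0, len(tcp) - data_off))
    return out


if __name__ == "__main__":
    for key, value in decode_frame(build_sample_frame()).items():
        print("%-15s %s" % (key, value))
```

The checks on the IP header length and the total length are there because a capture is untrusted input: a malformed or deliberately crafted frame should produce an error, not an out-of-range read or a misdecoded payload.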

Ettercap goes beyond packet capture, allowing investigation and simulation of low-level network attacks such as ARP cache poisoning and DHCP hijacking. It can also be extended with external scripts. ARP poisoning works by persuading other hosts to send their traffic through your machine, so a mistake can cut off connectivity for everyone on the segment. A powerful tool in the right hands: use it carefully on a live network, and only where you are authorised to.
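ARP cache poisoning is also easy to spot from a capture, because the spoofed replies change which MAC address claims an IP. The following is an added example (not Ettercap's code, and not from the original page) that decodes ARP frames and keeps a table of IP-to-MAC bindings, raising an alert when a known IP moves to a new MAC or when the ARP sender MAC does not match the Ethernet source. The three frames it processes are constructed in the code; the addresses are arbitrary and the "gateway", "victim" and "attacker" roles are assumed for the demonstration.

```python
"""Added example: decode ARP frames and flag IP-to-MAC binding changes.

Every frame below is constructed in code for the demonstration; the MAC and IP
addresses are arbitrary. This is the kind of check an ARP-monitoring tool runs,
not Ettercap's own code.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ipv4_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_src=None, eth_dst=BROADCAST):
    """Ethernet + ARP (hardware type 1, protocol type IPv4, 6-byte MAC, 4-byte IP)."""
    eth = struct.pack("!6s6sH", eth_dst, eth_src or sender_mac, ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields, or None if the frame is not a well-formed IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(eth_src), "sender_mac": mac_str(smac),
            "sender_ip": ipv4_str(sip), "target_mac": mac_str(tmac), "target_ip": ipv4_str(tip)}


class ArpWatch:
    """Learn IP->MAC bindings from ARP sender fields and report when a known IP moves."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None:
            return None
        alert = None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if arp["eth_src"] != mac:
            # A sender MAC that does not match the frame's source is a classic spoofing sign.
            alert = "%s: ARP sender %s carried in frame from %s" % (ip, mac, arp["eth_src"])
        known = self.table.get(ip)
        if known is not None and known != mac:
            alert = "%s moved from %s to %s" % (ip, known, mac)
        self.table[ip] = mac
        if alert:
            self.alerts.append(alert)
        return alert


def run_demo() -> list:
    """Constructed sequence: a real gateway reply, a normal request, then a poisoned reply."""
    gateway_mac = bytes.fromhex("0011223344aa")
    victim_mac = bytes.fromhex("0011223344bb")
    attacker_mac = bytes.fromhex("0011223344cc")
    gateway_ip = bytes([192, 168, 1, 1])
    victim_ip = bytes([192, 168, 1, 10])
    frames = [
        build_arp(ARP_REPLY, gateway_mac, gateway_ip, victim_mac, victim_ip, eth_dst=victim_mac),
        build_arp(ARP_REQUEST, victim_mac, victim_ip, b"\x00" * 6, gateway_ip),
        # Attacker claims the gateway's IP with its own MAC (what an ARP-poisoning tool sends).
        build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip, eth_dst=victim_mac),
    ]
    watch = ArpWatch()
    for frame in frames:
        watch.observe(frame)
    return watch.alerts


if __name__ == "__main__":
    for line in run_demo():
        print("ALERT", line)
```

Because ARP requests are broadcast, a passive monitor sees them even on a switched network; the poisoned replies themselves are usually unicast to the victim, so in practice you watch from the gateway, from a mirror port, or on the host you suspect is being targeted.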

Both programs require the Windows Packet Capture library (WinPcap). WinPcap lets other software capture the frames passing through the computer's network card, including, when the card is put into promiscuous mode, frames that were not addressed to that computer. I found it better to install the latest WinPcap first, rather than the version included with the programs.

Nmap scans one or more IP addresses (a single host, a range or a whole subnet) and reports open ports, the services that appear to be listening on them and, with OS detection enabled, the likely type of device or operating system. This tool proved invaluable in showing a client that the IP address he claimed belonged to a print server in fact had a PC using it. Nmap also requires WinPcap on Windows.

Angry IP Scanner is a very lightweight program that lets you quickly sweep a range of IP addresses. It provides less information and fewer options than Nmap, but it shows open ports and highlights which addresses are active.
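The core of what both scanners do is simple to show. Here is an added example in Python (not code from the original page, Nmap or Angry IP Scanner) of a TCP connect scan: it expands single addresses and CIDR ranges into hosts, attempts a full TCP handshake against each port in parallel, and reports which ports accepted the connection. The demo function at the end is self-contained and offline: it opens one listening socket on loopback so there is a known-open port to find next to a known-closed one. A connect scan is the noisiest kind, since every probe completes the handshake and shows up in the target's logs; Nmap's default SYN scan sends raw packets instead, which is why it needs WinPcap on Windows.

```python
"""Added example: a TCP connect scan over a set of hosts and ports, the simplest
form of what Nmap and Angry IP Scanner do. Run it against your own hosts only.

The demo at the bottom is offline: it opens one listening socket on loopback so
there is a known-open port next to a known-closed one.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a full TCP handshake completes, i.e. something is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return True
        except OSError:             # refused (closed), timed out (filtered), unreachable
            return False


def expand_targets(targets):
    """Accept single IPs and CIDR ranges; yield host address strings."""
    for target in targets:
        net = ipaddress.ip_network(target, strict=False)
        if net.num_addresses == 1:
            yield str(net.network_address)
        else:
            for host in net.hosts():
                yield str(host)


def scan(targets, ports, timeout: float = 0.5, workers: int = 64) -> dict:
    """Return {host: [open ports]} for hosts with at least one open port."""
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = {pool.submit(probe, host, port, timeout): (host, port)
                for host in expand_targets(targets) for port in ports}
        for job, (host, port) in jobs.items():
            if job.result():
                results.setdefault(host, []).append(port)
    return {host: sorted(open_ports) for host, open_ports in results.items()}


def demo() -> dict:
    """Offline demo: one listener on 127.0.0.1 plus one port known to be closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                            # nothing listens here now
    try:
        found = scan(["127.0.0.1/32"], [open_port, closed_port], timeout=1.0)
    finally:
        listener.close()
    return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    print(demo())
```

A port that neither accepts nor refuses within the timeout is reported as closed here; Nmap distinguishes that "filtered" state (a firewall dropping the probe) from a genuine refusal, which is one of the details you give up with a simple sweep.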

One thing to keep in mind when using capture tools like these is that if the network devices are connected through switches rather than hubs, the traffic is not visible to every connected device. A hub repeats every frame out of every port; a switch learns which port each MAC address sits behind and forwards a frame only to the port where its destination lives. A capture driver such as WinPcap, which listens on the local network card, therefore sees only traffic addressed to that machine, traffic the machine sends itself, and broadcast or multicast frames such as ARP requests. Think of it this way: there may be eight lanes of traffic on a highway, but with twenty-foot barriers between the lanes and each lane leading to one specific exit, you are only a few feet from the other traffic yet cannot see the cars to your left or right and have no idea where they are going. That is exactly how a switched network operates. If you capture on one computer or server and expect to see a representation of all the traffic on the network, you are not going to get what you are looking for. To see other hosts' traffic you need a mirror (SPAN) port on the switch, a network tap, or a technique such as Ettercap's ARP cache poisoning, which tricks other hosts into sending their traffic through your machine. Active scanners such as Nmap and Angry IP Scanner are not affected, because they send their own probes to each host rather than waiting for traffic to pass by.

Wireshark Rating 9 of 10 Gizmo's Top Pick

Pros De facto packet analyzer; captures packets on standard Ethernet, PPP and VPN interfaces.
Cons
Developer Home Page http://www.wireshark.org/about.html
Download link http://www.wireshark.org/download.html
File Size 21.21 Mb   Version 1.0.4   License Type Unrestricted Freeware   Installation Requirements 2000/XP/2003/Vista
Portable version available
Info Additional Software Required: WinPcap. Other Relevant Information: Builds for Linux, Mac OS and other OS available.

Ettercap Rating 8 of 10

Pros Goes beyond packet capture, allowing investigation and simulation of low level network attacks.
Cons
Developer Home Page http://ettercap.sourceforge.net/index.php
Download link http://sourceforge.net/project/showfiles.php?group_id=17435&package_id=130431
File Size 3.33 Mb   Version 0.7.3   License Type Unrestricted Freeware   Installation Requirements 2000/XP/2003
Info Additional Software Required: WinPcap. Other Relevant Information: Builds for Linux and other OS available.

Nmap Rating 9 of 10 Gizmo's Top Pick

Pros Scans a single host, a range or a whole subnet; reports open ports, the services listening on them and the likely type of device/operating system.
Cons Command-line driven with many options; takes longer to learn than Angry IP Scanner for a quick sweep.
Developer Home Page http://nmap.org/
Download link http://nmap.org/download.html
File Size 14.6 Mb   Version 4.68   License Type Unrestricted Freeware   Installation Requirements NT/ME/2K/XP/Vista
64-bit version available
Info Additional Software Required: WinPcap. Other Relevant Information: Builds for Linux and other OS available.

Angry IP Rating 7 of 10

Pros Very lightweight; quickly sweeps a range of IP addresses.
Cons Provides less information and options than Nmap.
Developer Home Page http://www.angryziber.com/w/About
Download link http://sourceforge.net/project/showfiles.php?group_id=25534&package_id=18580
File Size 109 Kb   Version 2.21   License Type Unrestricted Freeware   Installation Requirements 98/ME/2000/XP
Info New cross platform build available as beta.
