packet analysis – About Things | A Hans Scharler Blog https://nothans.com Life, Comedy, Games, Tech, Marketing, and Community Thu, 11 Aug 2022 21:59:09 +0000 en-US hourly 1 https://i0.wp.com/nothans.com/wp-content/uploads/2023/02/cropped-settings.png?fit=32%2C32&ssl=1 packet analysis – About Things | A Hans Scharler Blog https://nothans.com 32 32 114568856 Wireshark 1.2.0 – New Version https://nothans.com/wireshark-120-new-version https://nothans.com/wireshark-120-new-version#respond Tue, 30 Jun 2009 02:32:00 +0000 http://nothans.com/wireshark-120-new-version Wireshark is a tool that performs packet and protocol analysis on a network. Packets are the virtual transport mechanism that moves data from sender to receiver. Each packet has a header and payload – the header contains information about where the packet came from and where it’s going, as well as the protocols being used. The payload has our actual digitized data – parts of a website, text, a section of a photo, or a clip of audio from an MP3 or a phone call. If you don’t get all of the packets then a phone call may sound choppy or it may take a while to download a complete file. Wireshark allows you to take a look at the packets you are sending and receiving and learn a lot more about what is happening and what’s breaking down. Wireshark is not for the lighthearted, as the tool requires knowledge of protocols and a deep understanding of OSI, IP, and TCP/UDP at the very least. But, with time, Wireshark becomes invaluable to the troubleshooting process. I have relied on the tool for my work supporting Voice-over-IP (VoIP) and system and application connectivity. The only side-effect of Wireshark is that you will soon realize why it’s not a good idea to surf the web in a public spot (without a VPN or encryption).

Wireshark Start Page

The new version of Wireshark includes more protocols that it will decode, supports 64-bit Windows, and has GeoIP integrated support. Also, Wireshark works perfectly with my passive network cable. Visit www.wireshark.org to download the latest version and learn more about it.

]]> https://nothans.com/wireshark-120-new-version/feed 0 694 Passive Packet Capturing https://nothans.com/passive-packet-capturing https://nothans.com/passive-packet-capturing#respond Tue, 29 May 2007 18:11:00 +0000 http://nothans.com/passive-packet-capturing User A to User B packet data traffic can be monitored through a HUB by User C using a “receive‑only” Ethernet cable.

Receive Only Cable Diagram

On the HUB end of the cable, there is a loop between TX and RX to activate the HUB port. Any traffic through the HUB will now include this port in the broadcasts.

User C taps onto the loop by its receive pins.

Once the connections are made to the HUB, User C will receive all packets that flow through the HUB, but User C will not transmit any packets towards the HUB (no DHCP requests and no ARP requests).

The NIC on User C is in promiscuous mode capturing all incoming packets only.

Using a receive-only Ethernet cable in this configuration allows for the ability to passively capture packets, while not actively being a part of the network.

Network administrators can actively test for devices in promiscuous mode, monitor for DHCP and ARP requests, and review MAC tables to determine the presence of a packet analysis tool.

]]> https://nothans.com/passive-packet-capturing/feed 0 713