- Posts: 1
- Thank you received: 0
network sniffers
21 years 3 months ago #113
by adekker
network sniffers was created by adekker
after performing a capture using a sniffer and you discover that no traffic has been captured what is the most likely problem
21 years 3 months ago #114
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic network sniffers
Adekker,
The problem could be anything from drivers to problematic program. It's really hard to pin point the exact cause without having access to the machine.
Check to see if there are and special filters enabled, causing the sniffer not to catch any data. What sniffer program are you using ?
You might also want to check their website for any patches or know issues the specific version you are using might have.
The problem could be anything from drivers to problematic program. It's really hard to pin point the exact cause without having access to the machine.
Check to see if there are and special filters enabled, causing the sniffer not to catch any data. What sniffer program are you using ?
You might also want to check their website for any patches or know issues the specific version you are using might have.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
21 years 3 months ago #641
by tfs
Thanks,
Tom
Replied by tfs on topic Re: network sniffers
You also might check to see if your NIC has Promiscuous mode. If you have a newer card, this probably is not a problem as most have it. The older cards didn't necessarily have it.
Also, are you on a switch? If you are, then you won't see any traffic except what is going and coming from your workstation (unless you have a switch that supports port mirroring).
If you have a switch and know which machines you want to watch, hang a hub on your switch and put the machines you want to watch along with the machine that has you Protocol Analyser on it.
Tom.
Also, are you on a switch? If you are, then you won't see any traffic except what is going and coming from your workstation (unless you have a switch that supports port mirroring).
If you have a switch and know which machines you want to watch, hang a hub on your switch and put the machines you want to watch along with the machine that has you Protocol Analyser on it.
Tom.
Thanks,
Tom
21 years 3 months ago #643
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: network sniffers
TFS,
I never was aware that the older nic's didn't support promiscuous mode!
Well, atleast every card I have tried a sniffer, seemed to work in that mode.
I never was aware that the older nic's didn't support promiscuous mode!
Well, atleast every card I have tried a sniffer, seemed to work in that mode.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
21 years 3 months ago #647
by tfs
Thanks,
Tom
Replied by tfs on topic Re: network sniffers
No, some didn't, especially token ring cards. I still have some in my garage that don't. I'm talking real old.
It used to drive me crazy trying to find cards that don't. Network instruments used to have a page describing the ones that do and the ones that don't and you had to order the cards instead of going to your friendly neighborhood computer store to get the high end cards as they were a little more expensive.
Even now, most ethernet cards will tell you number and type of errors, but not the stations that created the error. Network Instruments has a specific card that will do this. Token ring cards never had that problem as you always knew the upstream and downstream addresses.
A lot of this apparently had to do with processing power of the computers. If the NIC card passed all the packets from the network to the computer, it would overload the machine. So if the card had this mode, you would have to go into properties and set it on, as it was normally set to off. Now, I believe all the cards have promiscuous mode (also known as statistical gathering mode) and promiscuous mode is set to on and it is not an option anymore.
Tom.
It used to drive me crazy trying to find cards that don't. Network instruments used to have a page describing the ones that do and the ones that don't and you had to order the cards instead of going to your friendly neighborhood computer store to get the high end cards as they were a little more expensive.
Even now, most ethernet cards will tell you number and type of errors, but not the stations that created the error. Network Instruments has a specific card that will do this. Token ring cards never had that problem as you always knew the upstream and downstream addresses.
A lot of this apparently had to do with processing power of the computers. If the NIC card passed all the packets from the network to the computer, it would overload the machine. So if the card had this mode, you would have to go into properties and set it on, as it was normally set to off. Now, I believe all the cards have promiscuous mode (also known as statistical gathering mode) and promiscuous mode is set to on and it is not an option anymore.
Tom.
Thanks,
Tom
21 years 3 months ago #650
by Chris
Oh boy .... your really showing your age now :lol:
Hehehe
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: network sniffers
No, some didn't, especially token ring cards. I still have some in my garage that don't. I'm talking real old.
Oh boy .... your really showing your age now :lol:
Hehehe
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.143 seconds