Skip to main content

network sniffers

More
21 years 2 months ago #113 by adekker
network sniffers was created by adekker
after performing a capture using a sniffer and you discover that no traffic has been captured what is the most likely problem
More
21 years 2 months ago #114 by Chris
Replied by Chris on topic network sniffers
Adekker,

The problem could be anything from drivers to problematic program. It's really hard to pin point the exact cause without having access to the machine.

Check to see if there are and special filters enabled, causing the sniffer not to catch any data. What sniffer program are you using ?

You might also want to check their website for any patches or know issues the specific version you are using might have.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
21 years 2 months ago #641 by tfs
Replied by tfs on topic Re: network sniffers
You also might check to see if your NIC has Promiscuous mode. If you have a newer card, this probably is not a problem as most have it. The older cards didn't necessarily have it.

Also, are you on a switch? If you are, then you won't see any traffic except what is going and coming from your workstation (unless you have a switch that supports port mirroring).

If you have a switch and know which machines you want to watch, hang a hub on your switch and put the machines you want to watch along with the machine that has you Protocol Analyser on it.

Tom.

Thanks,

Tom
More
21 years 2 months ago #643 by Chris
Replied by Chris on topic Re: network sniffers
TFS,

I never was aware that the older nic's didn't support promiscuous mode!

Well, atleast every card I have tried a sniffer, seemed to work in that mode.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
21 years 2 months ago #647 by tfs
Replied by tfs on topic Re: network sniffers
No, some didn't, especially token ring cards. I still have some in my garage that don't. I'm talking real old.

It used to drive me crazy trying to find cards that don't. Network instruments used to have a page describing the ones that do and the ones that don't and you had to order the cards instead of going to your friendly neighborhood computer store to get the high end cards as they were a little more expensive.

Even now, most ethernet cards will tell you number and type of errors, but not the stations that created the error. Network Instruments has a specific card that will do this. Token ring cards never had that problem as you always knew the upstream and downstream addresses.

A lot of this apparently had to do with processing power of the computers. If the NIC card passed all the packets from the network to the computer, it would overload the machine. So if the card had this mode, you would have to go into properties and set it on, as it was normally set to off. Now, I believe all the cards have promiscuous mode (also known as statistical gathering mode) and promiscuous mode is set to on and it is not an option anymore.

Tom.

Thanks,

Tom
More
21 years 2 months ago #650 by Chris
Replied by Chris on topic Re: network sniffers

No, some didn't, especially token ring cards. I still have some in my garage that don't. I'm talking real old.


Oh boy .... your really showing your age now :lol:

Hehehe

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.140 seconds