LinuxQuestions.org
Old 04-20-2003, 11:55 PM   #1
Shurikn
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Rep: Reputation: 0
Setting up a sniffing environment to look at packets transferred from my windows comp?


Ok first of all I must say that I'm a total to Linux, I installed it today to learn how it works since I will study it soon. Anyway I wanted to install a program on my computer today and it says I have to set up a sniffing environment to analyse the packets that my windows computer is sending and receiving with my linux box. My computers are connected to the internet with a router. I don't know what I have to do so I don't know if you'd need more information..

Anyway if someone could assist me to do that and maybe to install the program that requires this sniffing environment I'd really appreciate it.

you can contact me with ICQ (9607973) or MSN (shurik_n@hotmail.com)

I know it's kinda funny of posting a microsoft email but that's all I have for now ; )

Thanks a lot to those who would help
 
Old 04-20-2003, 11:59 PM   #2
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
try tcpdump

check this out

man tcpdump
 
Old 04-21-2003, 12:04 AM   #3
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
there is also sniff, snort, and nc
 
Old 04-21-2003, 12:11 AM   #4
Shurikn
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Original Poster
Rep: Reputation: 0
hmm and that means?
as I said I just started using linux
 
Old 04-21-2003, 12:38 AM   #5
Shurikn
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Original Poster
Rep: Reputation: 0
Here is what the installation file says:

============================
Verifying your network setup
============================

You need to set up a sniffing environment. How to do that is
beyond the scope of this simple INSTALL file, but look around the
net; there are many guides.
To verify that your sniffing setup is correct, run the following command
on your would-be EX box WHILE playing DAoC:

tcpdump -n host <IP of your Windows Machine playing DAoC>

You should (hopefully) see two-way traffic, that is traffic both to AND
from your windows machine. If you don't, you don't have a sniffing
setup, and you should fix that first.



I hope it can help
I did the cmd they are saying and nothing happened so I guess I'd have to do something before trying to sniff my windows box..

Thanks for the help
 
Old 04-21-2003, 12:53 AM   #6
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
so where are you having problems

do you know the ip address that you are supposed to use?


please give more details of the problem

this is the command, with the exception that the ip address may be incorrect



tcpdump -n host 192.168.0.1
 
Old 04-21-2003, 12:54 AM   #7
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
also you can run tcpdump like this to see traffic


tcpdump
 
Old 04-21-2003, 12:39 PM   #8
Shurikn
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Original Poster
Rep: Reputation: 0
I'm having a problem with when they say set up a sniffing, all I have to do is type this command and let it run?
 
Old 04-21-2003, 12:47 PM   #9
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
that's right

it's pretty much foolproof if you have a nic and it's set up for your network.

It looks like they are wanting you to verify that it's just seeing packets from the machine.

typing this command...

tcpdump


will display the packet headers and if you know the ip address of the windows machine you can look for it in the output to verify that it's sending packets across the network.

if you install sniff you can use it to format the output of tcpdump like this


sniff -c -- -i eth0 > filename



the last part > filename will output it to the file "filename" so you can read the file later. If you want it to show on the screen leave it off, but it will be going too fast to read.


see the output of sniff -h for details
 
Old 04-22-2003, 02:21 PM   #10
Shurikn
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Original Poster
Rep: Reputation: 0
ok I will try it

Thanks a lot!
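
The two-way check described by the INSTALL file quoted in post #5, as an added example that is not part of the thread or of that program: it reads `tcpdump -n` text output and reports which directions of traffic for one IP address were seen, comparing whole addresses so that 192.168.0.1 does not match 192.168.0.10. The function names, the 192.168.0.10 Windows address and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or the INSTALL file.
# classify_capture HOST: read `tcpdump -n` text on stdin and report which
# directions of IPv4 traffic involving HOST were observed.
classify_capture() {
    awk -v host="$1" '
        # Strip the trailing ":" and the ".port" suffix from "a.b.c.d.port:".
        function addr(field,    p, n) {
            sub(/:$/, "", field)
            n = split(field, p, ".")
            if (n < 4) return ""
            return p[1] "." p[2] "." p[3] "." p[4]
        }
        {
            # Works with and without the "IP" token newer tcpdump prints.
            for (i = 2; i < NF; i++) {
                if ($i == ">") {
                    if (addr($(i-1)) == host) from++
                    if (addr($(i+1)) == host) to++
                    break
                }
            }
        }
        END {
            if (from && to) print "two-way"
            else if (from)  print "from-host-only"
            else if (to)    print "to-host-only"
            else            print "none"
        }'
}

# Constructed sample: the sniffer sees both directions for 192.168.0.10.
sample_two_way() {
cat <<'EOF'
12:00:01.100000 192.168.0.10.1045 > 203.0.113.5.10622: P 1:13(12) ack 1 win 8760
12:00:01.180000 203.0.113.5.10622 > 192.168.0.10.1045: P 1:41(40) ack 13 win 5840
12:00:01.200000 IP 192.168.0.10.1046 > 203.0.113.5.10500: UDP, length 24
EOF
}

# Constructed sample: only the host's broadcasts reach the sniffer, which is
# what a machine on its own switch port typically sees.
sample_broadcast_only() {
cat <<'EOF'
12:00:02.000000 arp who-has 192.168.0.1 tell 192.168.0.10
12:00:02.500000 192.168.0.10.137 > 192.168.0.255.137: udp 50
EOF
}

sample_two_way | classify_capture 192.168.0.10
sample_broadcast_only | classify_capture 192.168.0.10
```

On a live capture the same function can be fed from `tcpdump -n -c 200 host <IP of your Windows Machine>`; any result other than `two-way` corresponds to what the INSTALL text calls not having a sniffing setup.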
 
  

