- wireshark (ethereal)
- etherape
- tshark
- darkstat
- ntop
- iptraf
Remember that promiscuous mode monitoring requires packages to actually pass your interface for the host to be able to pick them up. I.e. wired traffic can be difficult to pick up if a network switch is used in the central of a star network topology. Either replace it with a simple hub or you have to put the machine used for monitoring in the way between the router and the rest of the network (i.e. it has to be multi hosted running ip-chains or similar).
Note that darkstat has a config bug. For the -l option the format is:
-l aaa.bbb.ccc.ddd/nnn.nnn.nnn.nnn
and not:
-l aaa.bbb.ccc.ddd/N
(where N is the number of bits from the left. I.e. 1-32)
No comments:
Post a Comment