your mouse.
Note: Airscanner Mobile Sniffer™ is based in part on Winpcap, so you will not have
to install Winpcap separately; Airscanner Mobile Sniffer™ will install the necessary
parts for you. However, you will need to install it on your PC if you plan to use Ethereal
for advanced desktop-based post-capture analysis (highly recommended).
Installation of a sniffer on Linux usually requires no extra drivers other than those
required for normal operation. The only exceptions to this are wireless sniffers, which
could require patches or a special driver. Ensure you read the sniffer’s documentation
before installation to avoid hours of frustration.
2.1.4 Promiscuous Mode
When a network card is manufactured, it is assigned a unique identifier known as a
Media Access Control (MAC) address. Since this address is supposed to be unique, it
serves as one of the fundamental methods by which data is transmitted over a network.
While there are many other communication protocols that sit on top of the MAC address
to help with data flow, the MAC address is used in the first and last leg of the
transmission process. It is important to understand the role of the MAC address,
because it indirectly affects what data a sniffer can access.
When a network card is operating normally, it actually scans each packet of data
traveling over the network to see if any of the data is labeled with its MAC address. If
there is a match, the data is passed up to the next layer in the protocol stack, and
ultimately to the program to which it was sent. However, if the packet is not addressed to
the NIC, it will be ignored.
Since the sniffer software actually operates above the hardware layer of the
communication stack, it will only receive data that was sent to the computer on which it
is operating. In other words, the sniffer will only see local traffic. While this level of
access can be helpful in some situations, the limited access will restrict most
troubleshooting efforts. However, this is where promiscuous mode comes into play.
When a network card is placed in promiscuous mode, it will accept ALL data passed
on the wire to which it is connected, regardless of any MAC address. However, there are
still some obstacles a sniffer must overcome to gain access to network traffic. These
include additional support for wireless data, which uses radio waves to pass data, and
limitations due to networking technology.
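The following Python sketch is an added example, not part of the original text or of any sniffer's own code. It models the receive filter described above and shows which frames a sniffer sees with promiscuous mode off and on. It goes beyond the text by also handling broadcast and multicast frames, which a NIC accepts in normal mode; all MAC addresses and frames are constructed sample values.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

def parse_mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % text)
    return raw

def build_frame(dst, src, ethertype=0x0800, payload=b""):
    """Build a minimal Ethernet II frame: dst(6) + src(6) + ethertype(2) + payload."""
    return parse_mac(dst) + parse_mac(src) + struct.pack("!H", ethertype) + payload

def nic_accepts(frame, nic_mac, promiscuous=False, multicast_groups=()):
    """Simplified model: would the NIC pass this frame up the protocol stack?"""
    if len(frame) < 14:
        return False                    # runt frame: header is incomplete
    dst = frame[:6]
    if promiscuous:
        return True                     # accept everything on the wire
    if dst == nic_mac or dst == BROADCAST:
        return True                     # addressed to us, or to everyone
    if dst[0] & 0x01:                   # group bit set: multicast address
        return dst in multicast_groups  # only groups the host has joined
    return False                        # unicast for another station: ignored

def visible_frames(frames, nic_mac, promiscuous):
    """Frames a sniffer running above this NIC would receive."""
    return [f for f in frames if nic_accepts(f, nic_mac, promiscuous)]

# Constructed sample traffic (locally administered MAC addresses).
OUR_MAC = parse_mac("02:00:00:00:00:01")
SAMPLE_FRAMES = [
    build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", payload=b"to us"),
    build_frame("02:00:00:00:00:03", "02:00:00:00:00:02", payload=b"to other"),
    build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", 0x0806, b"arp"),
    build_frame("01:00:5e:00:00:fb", "02:00:00:00:00:03", payload=b"mcast"),
]

if __name__ == "__main__":
    for mode in (False, True):
        seen = visible_frames(SAMPLE_FRAMES, OUR_MAC, mode)
        print("promiscuous=%s: sniffer sees %d of %d frames"
              % (mode, len(seen), len(SAMPLE_FRAMES)))
```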
2.2 Switches and Hubs
Within any local area network you will find network hubs and/or switches. These
devices are very similar in appearance, and on the surface perform the same duties.
However, once you look at how these devices work, you will quickly see that they are
inherently different devices.
A hub is a very simple passive device that receives data on one port and distributes
it to all the other ports. It does not examine or care what data passes through it, nor does