3.1.7 Summary 

Filtering is a very valuable feature of any sniffer. For this reason we included a simple but useful filtering module in Airscanner Mobile Sniffer™. When used, this filter lets you focus on the data that matters: it reduces the time you spend looking through captured data, avoids wasting storage on packets you do not need, and lets you collect only the data that is relevant to you. In addition, because captures are saved in Ethereal format, you can easily export them and analyze them in much greater depth on your desktop. 
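As an added illustration (not part of the original guide or its code) of what the summary describes: a capture saved in Ethereal's libpcap format, read back on the desktop and reduced with a simple filter. The pcap global header, record header and Ethernet/IPv4/TCP/UDP offsets are the real ones; the sample packets, addresses and the choice of a port number as the filter criterion are constructed assumptions.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic in native (little-endian) byte order

def ipv4_frame(proto, src, dst, sport, dport):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (6) or UDP (17) header; checksums left zero."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Wrap frames in a libpcap capture: 24-byte global header, then a 16-byte record header per packet."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, incl, orig
    return out

def parse_pcap(data):
    """Yield (proto, src, dst, sport, dport) for every IPv4 TCP/UDP packet; skip anything else."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported or byte-swapped pcap magic")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                    # not IPv4 over Ethernet
        ihl = (pkt[14] & 0x0F) * 4
        proto = pkt[23]
        if proto not in (6, 17) or len(pkt) < 14 + ihl + 4:
            continue                                    # not TCP/UDP, or truncated before the ports
        src, dst = ".".join(map(str, pkt[26:30])), ".".join(map(str, pkt[30:34]))
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        yield ("tcp" if proto == 6 else "udp", src, dst, sport, dport)

def filter_by_port(data, port):
    """Keep only packets whose source or destination port matches, as a simple port filter would."""
    return [p for p in parse_pcap(data) if port in (p[3], p[4])]

# Constructed sample capture: an HTTP SYN, a DNS query and an SSH SYN (addresses are made up).
SAMPLE = build_pcap([
    ipv4_frame(6, "192.168.1.10", "10.0.0.5", 40000, 80),
    ipv4_frame(17, "192.168.1.10", "192.168.1.1", 5353, 53),
    ipv4_frame(6, "192.168.1.11", "10.0.0.5", 40001, 22),
])
```

Running `filter_by_port(SAMPLE, 80)` keeps only the HTTP packet; the same bytes written to a file open unchanged in Ethereal.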

  

3.2 Ethereal 

URL: http://www.ethereal.com 
  

3.2.1 Description 

Ethereal is one of the most popular sniffers available. It performs packet sniffing on almost any platform (Unix, Windows), both in real time (live) and from capture files saved by other sniffers (NAI’s Sniffer, NetXray, tcpdump, and more). The program includes many features such as filtering, TCP stream reconstruction, promiscuous mode, third-party plug-in support, and the capability to recognize more than 260 protocols. Ethereal also supports capturing on Ethernet, FDDI, PPP, token ring, X.25, and IP over ATM. In short, it is one of the most powerful sniffers available on the market today—and it is free. 

  

3.2.2 Installation on Windows 

Installation varies depending on the platform. Because 98% of people using this program employ either a Linux distribution (such as RedHat) or a Windows operating system, we will be discussing only those platforms. For the most part, what works on one *nix operating system will work on another with only slight modifications to the installation procedure. 

  

Using Ethereal with Windows is fairly straightforward. There is one exception to this point: 802.11 packet captures are not currently available using Ethereal with any Windows OS. However, if you want to capture data from a wired network, Ethereal will work quite well. 

  

3.2.2.1 Requirements 

WinPcap: http://winpcap.polito.it 

There is one requirement for Ethereal on Windows: WinPcap. This program, available for free online, lets Ethereal hook directly into the network card and read frames before they are passed up to the network stack and processed by Windows. It is required because of the way Windows interacts with its hardware. To reduce system crashes, any program installed in a Windows environment must go through the OS software, which in turn communicates with the hardware. This restriction on direct hardware access is meant to be beneficial, since direct access can cause software incompatibilities that ultimately result in system crashes. 

  
In addition to the packet driver previously discussed, WinPcap includes another 
