Monitoring network traffic


  1. Posts : 28,845
    Win 8 Release candidate 8400
       #11

    packet sniffers


    Everyone, I like MS as well, but unless you install the core and parser set you are only getting a stripped-down lite version.

    The Network Monitor core engine has been decoupled from the parser set. To install the full Network Monitor 3.3 product:
    • Run the setup.exe for the platform you are installing.
    • You will be prompted first to install the core engine. Follow the installation directions. Make sure you close existing instances of netmon.exe, nmcap.exe and any running NMAPI applications.
    • Next you will be prompted to install the parser package. Follow the installation directions:

    As a beginner I thought the OP would think the ease of use would be the most important factor.

    Ken


  2. Posts : 1,557
    XP, Seven, 2008R2
       #12

    A packet sniffer probably isn't going to give you enough info to work with, unless you do something like perform MITM, spoof the router's MAC address, or set up a mirrored port, which the Linksys probably cannot do.

    If anyone is wired into the router via ethernet, the switch inside the router will prevent you from sniffing other people's traffic (besides doing the techniques I mentioned above).


  3. Posts : 282
    Windows 7 7264x64(main), 7260x86(secendary), XP SP3 Triple Boot
    Thread Starter
       #13

    sup3rsprt said:
    A packet sniffer probably isn't going to give you enough info to work with, unless you do something like perform MITM, spoof the router's MAC address, or set up a mirrored port, which the Linksys probably cannot do.

    If anyone is wired into the router via ethernet, the switch inside the router will prevent you from sniffing other people's traffic (besides doing the techniques I mentioned above).
    Yeah, this is what I read in some places while googling, so MITM/spoofing the router's MAC address/setting up a mirrored port are all not supported with the Linksys routers?

    I played around a little with Wireshark, but it seems it can only monitor the local traffic on the locally installed NICs, unless you have something installed on the other computers... When I tried to monitor a remote computer, it said that the server software was maybe not running on it...


  4. Posts : 28,845
    Win 8 Release candidate 8400
       #14

    packet sniffer


    sup3rsprt said:
    A packet sniffer probably isn't going to give you enough info to work with, unless you do something like perform MITM, spoof the router's MAC address, or set up a mirrored port, which the Linksys probably cannot do.

    If anyone is wired into the router via ethernet, the switch inside the router will prevent you from sniffing other people's traffic (besides doing the techniques I mentioned above).
    Not if it has remotes like Observer, and is not passive, or he runs it in the DMZ.

    K


  5. Posts : 1,557
    XP, Seven, 2008R2
       #15

    You can do MITM or MAC spoofing on just about any router. A mirrored port will require special firmware on Linksys.

    zigzag3143 said:
    Not if it has remotes like Observer, and is not passive, or he runs it in the DMZ.

    K
    remotes like Observer?

    DMZ is not even real on Linksys routers. It's just Masquerade.


  6. Posts : 28,845
    Win 8 Release candidate 8400
       #16

    sup3rsprt said:
    remotes like Observer?

    DMZ is not even real on Linksys routers. It's just Masquerade.
    Yep, I knew you were lurking. I said nothing about Linksys.

    Ken


  7. Posts : 1,557
    XP, Seven, 2008R2
       #17

    akramh has a Linksys router. Why are you talking about DMZ?

    akramh said:
    I played around a little with Wireshark, but it seems it can only monitor the local traffic on the locally installed NICs, unless you have something installed on the other computers... When I tried to monitor a remote computer, it said that the server software was maybe not running on it...
    Wireshark can monitor in promiscuous mode depending on your NIC and depending on if your wireless NIC supports monitor mode. I think you should be able to sniff other people's traffic with it, but it is not a very good solution unless you're an expert at reading packet captures.


  8. Posts : 282
    Windows 7 7264x64(main), 7260x86(secendary), XP SP3 Triple Boot
    Thread Starter
       #18

    sup3rsprt said:
    You can do MITM or MAC spoofing on just about any router. A mirrored port will require special firmware on Linksys.
    OK, do you know of any guides that I can use to do that? What software is used?

    BTW, I started playing around with Microsoft Network Monitor 3.3. I noticed there are "My Traffic" and "Other Traffic" sections. Under "My Traffic" I can see the applications on my PC that are using the net. Under "Other Traffic" I can see the IP addresses that are on the network. One of them I can't even ping, but I can see some information on it, though not detailed; I don't know what applications are being used and how much bandwidth. Here is a screenshot:


  9. Posts : 28,845
    Win 8 Release candidate 8400
       #19

    again


    sup3rsprt said:
    akramh has a Linksys router. Why are you talking about DMZ?



    Wireshark can monitor in promiscuous mode depending on your NIC and depending on if your wireless NIC supports monitor mode. I think you should be able to sniff other people's traffic with it, but it is not a very good solution unless you're an expert at reading packet captures.
    I suggested Wireshark because it's easy and free. I could have just as easily said MS, so. I said Observer and EtherPeek in case the OP ever gets to the point where he knows enough to want more, and yes, I am an expert at captures, but he isn't. When he plays some he will ask more questions, and after all, isn't that why we do this? We are here to help, not bicker.

    Ken


  10. Posts : 1,557
    XP, Seven, 2008R2
       #20

    akramh said:
    OK, do you know of any guides that I can use to do that? What software is used?
    This will help you learn about MITM.

    SlimJim100 - Live Demo of Cain & Able and the Man-in-the-middle-attack from Outerz0ne 5 (Hacking Illustrated Series InfoSec Tutorial Videos)

    Once you are routing everyone's traffic, Wireshark will be much more effective.
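
Added example, not part of the thread: the posts above mention MITM and spoofing the router's MAC address, and from the defending side one sign of this on a Windows host is the gateway's IP sharing a MAC address with another host in the `arp -a` cache. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
SAMPLE_ARP = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.21          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.22          00-aa-bb-cc-dd-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return {ip: mac} for unicast entries in `arp -a` output."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast/multicast, never a host
        entries[ip] = mac
    return entries

def check_gateway(entries, gateway_ip, known_mac=None):
    """Return a list of (code, detail) findings for the gateway entry."""
    gw_mac = entries.get(gateway_ip)
    if gw_mac is None:
        return [("gateway_missing", gateway_ip)]
    findings = []
    # Baseline check: known_mac is a value recorded earlier (assumed input).
    if known_mac and gw_mac != known_mac.lower().replace(":", "-"):
        findings.append(("baseline_mismatch", gw_mac))
    # Two IPs answering with the gateway's MAC is typical of ARP cache
    # poisoning, but can be legitimate (router with several addresses, proxy ARP).
    shared = sorted(ip for ip, mac in entries.items()
                    if mac == gw_mac and ip != gateway_ip)
    if shared:
        findings.append(("mac_shared_with", shared))
    return findings

if __name__ == "__main__":
    for finding in check_gateway(parse_arp(SAMPLE_ARP), "192.168.1.1"):
        print(finding)
```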


 