Archive for the 'Capture' Category

How to Detect Network Eavesdroppers

As someone with a security background and a generally curious mind, I spend a lot of time doing things on my network that I probably shouldn’t. At least, things that the IT department of any large company probably wouldn’t want me to do, because they are supposedly the only ones who are allowed to do that sort of thing. Well, if you are managing a network and want to know who else out there is like me, then this article from Linux Journal provides some good tips for identifying eavesdroppers. A word of advice though: if you find someone else in the company looking at your packets, this isn’t necessarily a bad thing. Don’t jump all over them unless there is actually some indication that they have malicious intent. As a former Network Admin and IT Manager, I have learned that it can help to have the other people in your company who are in “the know” about networking on your side. I view this article as a good way to find those people, and also as a good way to locate and identify potential bots or compromised machines that might be sending your packets off-net.

In Search of a Sniffer from Linux Journal

Sniffing & Capture & Security Jed Daniels 30 May 2007 No Comments

How to Capture Packets

The good folks over at Wireshark (formerly Ethereal) have a pretty comprehensive howto on capturing packets. While they wrote it specifically for use with Wireshark, it is also useful when working with any piece of equipment or software that requires you to get something off the wire (such as tcpdump, Snort or any other IDS software, NetSensory and more).

Wireshark Howto Capture

Capture & Troubleshooting & Networking Basics Jed Daniels 15 May 2007 No Comments