From: "Lewis G Rosenthal"
Received: from [192.168.100.201] (account lgrosenthal HELO [192.168.100.18]) by 2rosenthals.com (CommuniGate Pro SMTP 5.1.3) with ESMTPA id 702941 for os2-wireless_users@2rosenthals.com; Sat, 13 Jan 2007 11:11:42 -0500
Message-ID: <45A9049E.7070307@2rosenthals.com>
Date: Sat, 13 Jan 2007 11:11:10 -0500
Organization: Rosenthal & Rosenthal, LLC
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20061222 MultiZilla/1.8.3.0a SeaMonkey/1.5a
MIME-Version: 1.0
To: OS/2 Wireless Users Mailing List
Subject: Re: [OS2Wireless]OT Packet sniffers
References:
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi, Dave...

On 01/10/07 03:35 am, Dave Saville thus wrote:
> OT for WIFI but may prove useful to somebody I hope.
>
> I am having a problem with a Zyxel ATA and a Zyxel router. Their support is
> being very helpful and suggested that the next time I had the problem a network
> trace would be helpful. So I started looking for a solution only to find there
> is not one for OS/2. I did find some code on Hobbes but it is very old and
> obviously suffering from software rot as it threw loads of errors when I tried
> to compile it. :-)
>
>
Golden Code Network Trace: http://www.goldencode.com/company/software/nto/nto.html. I have a license for this (they also have a Java-driven analyzer: http://www.goldencode.com/company/software/jta/jta.html). I haven't used it yet, oddly enough. My intention was to utilize it while working with Wi-Fi networks, and then to get that port of Kismet working to the point where I could use that to analyze the trace files. When I get to the point of using an analyzer again, I'll just purchase their Java app. Pricing for Network Trace is $99 US, and $299 US for the analyzer.

> I then recalled that my Solaris box almost certainly had snoop on it and that
> proved to be the case so I ensured I could trace the two boxes.
>
>
:-)

> This morning I once again gave some brain cells over to an OS/2 solution and
> had a flash of lateral inspiration. VPC using virtual switch puts your NIC into
> promiscuous mode. In that case would OS/2's normal iptrace work - and the
> answer is YES it traces all packets on the network. You need to actually have a
> virtual machine running but that's all.
>
>
True enough. The tracing I've done of late has been under SuSE Linux, with its built-in tools. Of course, Laura Chappell's stuff is highly recommended: http://www.packet-level.com/ . (Check out Laura's articles on the site, which are available for download.)

> There is one big proviso in all this of course. The tracing machine and
> whatever it is tracing *must* be connected by a HUB not a SWITCH. (Switches act
> a bit like routers - they know what is connected to which port.
Exactly. So many people do not realize how "intelligent" switches are (too smart for their own good, when you're trying to trace stuff).

> You can see the
> difference with ping. Ping a box on hub connected machines and all the lights
> blink. Do the same thing with a switch and only the two machines concerned
> blink.)
>
Yep!!

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
New York / Northern Virginia www.2rosenthals.com
eComStation Consultants www.ecomstation.com
Novell Users Int'l www.novell.com/openenterpriseserver
Need a managed Wi-Fi hotspot? www.hautspot.com
------------------------------------------------------------