Mailing List os2-wireless_users@2rosenthals.com Archived Message #569

From: "Lewis G Rosenthal" <os2-wireless_users@2rosenthals.com>
Subject: Re: [OS2Wireless]OT Packet sniffers
Date: Sat, 13 Jan 2007 11:11:10 -0500
To: OS/2 Wireless Users Mailing List <os2-wireless_users@2rosenthals.com>

Hi, Dave...

On 01/10/07 03:35 am, Dave Saville thus wrote :
> OT for WIFI but may prove useful to somebody I hope.
>
> I am having a problem with a Zyxel ATA and a Zyxel router. Their support is
> being very helpful and suggested that the next time I had the problem a network
> trace would be helpful. So I started looking for a solution only to find there
> is not one for OS/2. I did find some code on Hobbes but it is very old and
> obviously suffering from software rot as it threw loads of errors when I tried
> to compile it. :-)

  
Golden Code Network Trace: http://www.goldencode.com/company/software/nto/nto.html. I have a license for this (they also have a Java-driven analyzer: http://www.goldencode.com/company/software/jta/jta.html). I haven't used it yet, oddly enough. My intention was to utilize it while working with Wi-Fi networks, and then to get that port of Kismet working to the point where I could use that to analyze the trace files. <sigh> When I get to the point of using an analyzer again, I'll just purchase their Java app.

Pricing for Network Trace is $99 US, and $299 US for the analyzer.

> I then recalled that my Solaris box almost certainly had snoop on it and that
> proved to be the case so I ensured I could trace the two boxes.

  
:-)

> This morning I once again gave some brain cells over to an OS/2 solution and
> had a flash of lateral inspiration. VPC using virtual switch puts your NIC into
> promiscuous mode. In that case would OS/2's normal iptrace work - and the
> answer is YES it traces all packets on the network. You need to actually have a
> virtual machine running but that's all.

  
True enough. The tracing I've done of late has been under SuSE Linux, with its built-in tools. Of course, Laura Chappell's stuff is highly recommended: http://www.packet-level.com/ . (Check out Laura's articles on the site, which are available for download.)

> There is one big proviso in all this of course. The tracing machine and
> whatever it is tracing *must* be connected by a HUB not a SWITCH. (Switches act
> a bit like routers - they know what is connected to which port.

Exactly. So many people do not realize how "intelligent" switches are (too smart for their own good, when you're trying to trace stuff).

> You can see the
> difference with ping. Ping a box on hub connected machines and all the lights
> blink. Do the same thing with a switch and only the two machines concerned
> blink.)

Yep!!

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
 New York / Northern Virginia           www.2rosenthals.com
eComStation Consultants                  www.ecomstation.com
Novell Users Int'l       www.novell.com/openenterpriseserver
Need a managed Wi-Fi hotspot?               www.hautspot.com
------------------------------------------------------------
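
Added example (not part of the original message): a small Python model of the hub-versus-switch point discussed above, showing which frames reach a tracing machine on a third port. The port numbers, MAC addresses and frame list are constructed for illustration.

```python
# Added illustration: a hub repeats every frame to all other ports; a switch
# learns source MACs per port and forwards known unicast to one port only.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # A hub is a repeater: it never inspects addresses.
        return [p for p in self.ports if p != in_port]


class Switch(Hub):
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}  # learned MAC address -> port

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender lives
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return super().forward(in_port, src, dst)
        return [] if out == in_port else [out]


def frames_seen(device, frames, sniffer_port):
    """Return the (src, dst) pairs delivered to the sniffer's port."""
    return [(src, dst) for in_port, src, dst in frames
            if sniffer_port in device.forward(in_port, src, dst)]


# Constructed sample: ATA on port 1, router on port 2, tracing PC on port 3.
# MAC addresses are from the documentation range, not real devices.
ATA, ROUTER = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
FRAMES = [
    (1, ATA, BROADCAST),  # broadcast from the ATA (flooded by both devices)
    (2, ROUTER, ATA),     # reply; the switch has already learned the ATA
    (1, ATA, ROUTER),     # ping request
    (2, ROUTER, ATA),     # ping reply
]

if __name__ == "__main__":
    for name, dev in (("hub", Hub([1, 2, 3])), ("switch", Switch([1, 2, 3]))):
        seen = frames_seen(dev, FRAMES, 3)
        print(f"{name}: tracer sees {len(seen)} of {len(FRAMES)} frames")
```

On the switch the tracer still receives broadcasts and any unicast sent before the destination has been learned, which is why a trace taken there looks nearly empty rather than completely empty.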

