Freebie Network Sniffers?

Old 13 January 2003, 12:06 PM
  #1  
Kevin Mc

Are there such things as Freebie Network Sniffers out there?

Need one specifically to see which port on a firewall a particular application is trying to use.

Situation is this: All ports on firewall are closed apart from one for windows printing and one for citrix. We have another process that needs to get through, though we have no idea which TCP/IP port it would be trying to get through.

Are there any decent freebies out there, or will we have to fork out (we being my work!)

Old 13 January 2003, 12:22 PM
  #2  
HHxx

You shouldn't need a sniffer. Just go through the log files of the firewall to see what's happening.
Old 13 January 2003, 12:42 PM
  #3  
Jeff Wiltshire

What application is it?
Old 13 January 2003, 01:27 PM
  #4  
dsmith

If you can't get what you need from Firewall Logs/Interface Snooping (if it's Unix) then try Ethereal

If you need some basic packet capture it's fine. Interface is clunky (nasty Linux port) but useable. Doesn't have the "experts" or some of the protocol decodes that Sniffer etc have - but then it's free and works with most NICs.

(Un)fortunately (I wanted some proper software) it did everything I needed to diagnose a NAT bug recently.

www.ethereal.com

Deano

Old 13 January 2003, 01:33 PM
  #5  
Gedi

Yep, a sniffer is not what you are after here.

Grab a copy of activeports which will reveal programs try/establish port connections. If you're running XP, I have heard that the netstat utility now has a new switch which will do this for you.

Easiest of all. Tell me what program it is, and I have a 95% chance of knowing which port and protocol it uses.

If you still wanna go for a sniffer most are free and there are loads out there.
I'm not a windows user, but if I remember correctly, ethereal does a sniffer for windows that is known for being one of the best. You can also check out things like snort. Although you are gonna need an understanding of packet structures, protocols etc. Leave your card out of promiscuous mode. Most sniffers turn it on as standard.

Check www.securityfocus.com, blacksun.box.sk, neworder.box.sk, www.packetstormsecurity.nl and my mate's site www.rishabhdara.com for more tools
Old 13 January 2003, 02:25 PM
  #6  
Kevin Mc

"Easiest of all. Tell me what program it is, and I have a 95% chance of knowing which port and protocol it uses."
I've already asked the software author and they don't know (doesn't normally go through firewalls!)

Think the software will be in your 5% unfortunately, it is a Financial Accounting package (not off the shelf), and it is one of the server processes that prints that is causing the problem.

The firewall is at one of our customers - we've already asked them for the firewall logs, and they haven't exactly been forthcoming!

I think they just said that the firewall logs are by port number and we'd need to know the port number (catch 22 - if we knew that the bu66er would probably work!)

Server process is on a W2000 server.

Think I'll find out if they can get the logs just to show everything and not just by port number!

Cheers for the replies.

Old 13 January 2003, 02:28 PM
  #7  
ozzy

Kevin,

Ethereal is good. There's a Win32 port, so you can use on W2K/XP without any problems (IIRC, you need the WinPcap update too).

Stefan

Old 13 January 2003, 03:23 PM
  #8  
Gedi

active ports will give you your answer.

http://www.webattack.com/get/activeports.shtml
Old 13 January 2003, 03:25 PM
  #9  
Jeff Wiltshire

Do you know what Firewall it is?

You could open up any protocol with a defined source and destination. Then you can filter the logs on destination and it should tell you what port/protocol is being used.
Old 13 January 2003, 03:26 PM
  #10  
Jeff Wiltshire

Do you know what Firewall it is?

You could open up any protocol with a defined source and destination. Then you can filter the logs on destination and it should tell you what port/protocol is being used.
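
Added example, not part of any post in the thread: the approach from the reply above (allow traffic between one defined source and destination, then filter the firewall log on that pair to see which port/protocol turns up) sketched in Python. The key=value log layout, the addresses and port 5023 are constructed for illustration and do not match any particular firewall's log format.

```python
import re
from collections import Counter

# Constructed sample log lines in a generic key=value layout (assumed format).
SAMPLE_LOG = """\
2003-01-13 12:01:07 action=accept proto=tcp src=10.1.1.20 sport=1045 dst=192.168.5.10 dport=1494
2003-01-13 12:01:09 action=drop proto=tcp src=10.1.1.20 sport=1051 dst=192.168.5.10 dport=5023
2003-01-13 12:01:12 action=drop proto=tcp src=10.1.1.20 sport=1052 dst=192.168.5.10 dport=5023
2003-01-13 12:01:15 action=drop proto=udp src=10.1.1.99 sport=137 dst=192.168.5.255 dport=137
2003-01-13 12:01:20 action=accept proto=tcp src=10.1.1.20 sport=1060 dst=192.168.5.10 dport=139
2003-01-13 12:01:31 action=drop proto=tcp src=10.1.1.20 sport=1066 dst=192.168.5.10 dport=5023
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "proto", "src", "dst", "dport"}

def parse_line(line):
    """Return the key=value fields as a dict, or None if the line is unusable."""
    fields = dict(FIELD.findall(line))
    if not REQUIRED <= fields.keys() or not fields["dport"].isdigit():
        return None
    return fields

def ports_between(log_text, src, dst, action=None):
    """Count (proto, dport) pairs logged from src to dst, optionally for one action."""
    seen = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] != src or rec["dst"] != dst:
            continue
        if action and rec["action"] != action:
            continue
        seen[(rec["proto"], int(rec["dport"]))] += 1
    return seen

if __name__ == "__main__":
    hits = ports_between(SAMPLE_LOG, "10.1.1.20", "192.168.5.10", "drop")
    for (proto, port), n in hits.most_common():
        print(f"{proto}/{port}: {n} dropped")
```

Filtering on the host pair rather than on a port number is what gets around the "logs are by port number" problem described earlier in the thread: the unknown port shows up as the repeated dropped destination port.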