Archive for the 'Protocol Analysis' Category

If you’re new here, you may want to subscribe to my RSS feed. Not sure how to subscribe to a RSS feed? Read Subscribing to blogs the easy way. Thanks for visiting!I’ve noticed that the old Ethereal website is back up again after being offline for well over a year. The original Ethereal crew, including [...]

Chris Sanders is offering an online Wireshark training opportunity for the rather modest cost of $100. The course will cover analyzer placement on your cabling system, performing a network baseline and troubleshooting network latency.

like when you’re doing gigabit packet capture or packet injection, you’ll need a high performance ethernet card.

Sometimes you fall over a product and it blows you away. Network taps have until now been exotic hardware affordable only by large IT departments with the budget to match.
Not any more! nmon have brought out a range of low cost network taps and network traffic analysers with NetFlow support. Looks like network taps just [...]

One of the big problems in a switched network is to access reliably network traffic for analysis or monitoring purposes. Many solutions require changes either to the hosts being monitored or require modifications to your network infrastructure.
Many managed switches have the ability to mirror the traffic on one or more ports. Mirroring simply involves the [...]

Greg Conti has released a new version of rumint that now works with WinPcap 4.0.1. If you tried rumint before and had problems, I suggest you give it another go.

Protocol analysers are difficult tools to master. Though, once mastered you’ll see the pay-off in increased productivity for the rest of your career. Many technologies come and go, but the fundamentals of how networks work changes slowly.
You can slug it out with books but structured learning will help speed things along.
If self paced learning suits [...]

WinPCap is a great Windows based, open source driver for packet sniffing wire-based networks using a bog standard network interface card. WinPCap is licensed under the General Public License (GPL).
From a commercial software developers perspective, the GPL can be quite intimidating. Consequently, a lot of commercial developers won’t touch GPL’ed code with a very long [...]

Tools like the Test-Um Wi-Net are great for trouble shooting wireless networks. But, Wi-Net falls a long way short of giving you real technical insight into your wireless network. What do you do if you need more? Say, you need to capture packets and the like.
One solution is to use the WireShark + AirPcap combination.
WireShark [...]

One of the tools recommended in Chris Sander’s Practical Packet Analysis book is called Rumint.
Rumint is a free, open source packet visualization tool available for Microsoft Windows (written in Visual Basic.)
Roomint’s author, Greg Conti, has a book to be published by No Starch Press called Security Data Visualization.
One problem I’ve run into with Rumint [...]