Packet sniffer required

Post by eugeneg on Sun Mar 17, 2013 9:33 am

I would like to install software to help me identify whether any machine is using an IP address already allocated elsewhere. Perhaps a packet sniffer that could list IPs and corresponding MAC addresses would be ideal. Would someone please suggest such a package?
eugeneg
Level 1
Posts: 27
Joined: Tue Sep 14, 2010 7:42 am


Re: Packet sniffer required

Post by rowa on Sun Mar 17, 2013 10:17 am

You can use Wireshark.
rowa
Level 1
Posts: 6
Joined: Sun Mar 17, 2013 9:28 am

Re: Packet sniffer required

Post by BrowserXL on Sun Mar 17, 2013 11:52 am

Alternatively you could tcpdump, but I guess in both cases you won't see what you want.

Cap driven software sniffs packets that pass by its interface (your network card). That means that you either see traffic that is sent by unicast to your MAC or via broadcast/multicast to a number of hosts in the same subnet/multicast group. All other unicast traffic goes past your interface and you won't see it, unless you have a switch in between that could mirror a whole subnet to that one port (which would bring other problems, which need to be considered).
Since you want to scan the subnet for other active IP addresses you would need a broader approach, like a port scanner for example. On a Windows platform I liked the (now discontinued) Look@Lan for that task. It scanned the range you specified, listed the host with IP, MAC, OS, SNMP status and ports open for contacting. This was displayed in a handy list and could be repeated in intervals to check the availability of important nodes in your LAN.
I think this would be the software you are looking for. Unfortunately it's only my second week on a Linux box and I haven't yet looked for such a tool.

Cheers
XL
Cigarettes are a lot like hamsters ... harmless until you put one in your mouth and light it on fire.
BrowserXL
Level 1
Posts: 31
Joined: Wed Mar 13, 2013 7:50 am
Location: Northern Germany
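
The list the original poster asks for (IP addresses with their MAC addresses, flagging any IP used by more than one machine) can be built from ARP traffic, which is broadcast and so falls into the traffic a sniffer does see. The following is an added example, not code from any poster in this thread; it assumes the line format printed by `tcpdump -n -e arp`, and the capture lines embedded in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `tcpdump -n -e arp` (not from the thread).
SAMPLE = """\
09:33:01.000001 00:16:3e:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.10, length 28
09:33:01.000200 00:16:3e:00:00:01 > 00:16:3e:00:00:0a, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:16:3e:00:00:01, length 46
09:33:05.000000 00:16:3e:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.20 tell 0.0.0.0, length 28
09:33:07.000000 00:16:3e:00:00:0c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.10, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# With -e, the first address after the timestamp is the Ethernet source MAC.
LINE = re.compile(rf"^\S+ (?P<src>{MAC}) > {MAC}, ethertype ARP .*?: (?P<body>.*)$", re.I)
REQUEST = re.compile(rf"Request who-has {IPV4}(?: \({MAC}\))? tell (?P<ip>{IPV4})", re.I)
REPLY = re.compile(rf"Reply (?P<ip>{IPV4}) is-at (?P<mac>{MAC})", re.I)


def claims(lines):
    """Yield (ip, mac) pairs: which MAC asserted ownership of which IP."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ARP line in the expected format
        if (r := REPLY.search(m["body"])):
            yield r["ip"], r["mac"].lower()
        elif (q := REQUEST.search(m["body"])):
            # "tell 0.0.0.0" is an address probe: the sender owns no IP yet.
            if q["ip"] != "0.0.0.0":
                yield q["ip"], m["src"].lower()


def ip_to_macs(lines):
    """Map every IP seen to the set of MACs that claimed it."""
    table = defaultdict(set)
    for ip, mac in claims(lines):
        table[ip].add(mac)
    return dict(table)


def conflicts(lines):
    """Return only the IPs claimed by more than one MAC address."""
    return {ip: sorted(m) for ip, m in ip_to_macs(lines).items() if len(m) > 1}


if __name__ == "__main__":
    for ip, macs in conflicts(SAMPLE.splitlines()).items():
        print(f"{ip} is claimed by: {', '.join(macs)}")
```

A machine only appears in the table once it has sent or answered an ARP packet during the capture, so a quiet host with a static address can go unnoticed until it talks.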

Re: Packet sniffer required

Post by eugeneg on Sun Mar 17, 2013 12:03 pm

Thanks for the words. I installed Wireshark but was unable to run it (no interfaces) so I turned to the documentation. That directed me to Configure.help but I haven't been able to find that.
Given XP's comments perhaps I shouldn't spend too much time trying to get it to work.
I'm new to Linux too.
eugeneg
Level 1
Posts: 27
Joined: Tue Sep 14, 2010 7:42 am

Re: Packet sniffer required

Post by rowa on Sun Mar 17, 2013 12:35 pm

You can run Wireshark only from root, so you must open a bash shell and write:

sudo wireshark

You write your pass and then Wireshark should see your network.
rowa
Level 1
Posts: 6
Joined: Sun Mar 17, 2013 9:28 am

Re: Packet sniffer required

Post by eugeneg on Sun Mar 17, 2013 1:05 pm

Thanks. Not knowing what a 'bash shell' was I ran terminal and typed as instructed. The error message is too cryptic for the likes of me I'm afraid:
Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled

Anyway, I got past that and saw some results. Given XP's comments that it may not be what I want, and also the complexity of it compared to my little brain, I will probably not continue too much further.
I really just need to get the MAC and IP addresses of those on the LAN so I can figure out which machines are set for static IP allocation.
Thanks to those who took the time to reply.
eugeneg
Level 1
Posts: 27
Joined: Tue Sep 14, 2010 7:42 am

Re: Packet sniffer required

Post by BrowserXL on Sun Mar 17, 2013 1:31 pm

One thing came to my mind which I haven't thought of earlier. You could try nmap. Give it a spin. It can probably deliver what you are looking for. It's quite cumbersome to handle it from the console, but should yield the results you are looking for.

Understanding Wireshark and putting it to proper use is quite a task. I had my first contact with its predecessor Ethereal in 2003 and since then it became one of the most important tools for my daily work. Yet it took me quite some time to understand what I am actually seeing and how to put it into relation to the problems that I tried to troubleshoot. Additionally the interface is not really streamlined and self-explanatory sometimes, so that I still learn a thing or two about it from time to time.
Don't delete it though. One never knows when it might come in handy ;)

Also starting to look at sample traces with it, to understand how certain protocols work, can be quite helpful. http://packetlife.net/ is a perfect site for that.

Cheers XL
Cigarettes are a lot like hamsters ... harmless until you put one in your mouth and light it on fire.
BrowserXL
Level 1
Posts: 31
Joined: Wed Mar 13, 2013 7:50 am
Location: Northern Germany

Re: Packet sniffer required

Post by zerozero on Sun Mar 17, 2013 4:50 pm

due to the dubious nature of the subject and under section [4] of the forum rules viewtopic.php?f=17&t=83314 locking the topic
zerozero
Level 16
Posts: 6435
Joined: Tue Jul 07, 2009 2:29 pm
