Packet sniffer required

eugeneg

Packet sniffer required

Post by eugeneg »

I would like to install software to help me identify whether any machine is using an IP address already allocated elsewhere. Perhaps a packet sniffer that could list IPs and corresponding MAC addresses would be ideal. Would someone please suggest such a package?
rowa

Re: Packet sniffer required

Post by rowa »

You can use Wireshark.
BrowserXL

Re: Packet sniffer required

Post by BrowserXL »

Alternatively you could use tcpdump, but I guess in both cases you won't see what you want.

Cap driven software sniffs packets that pass by its interface (your network card). That means that you either see traffic that is sent by unicast to your MAC or via broadcast/multicast to a number of hosts in the same subnet/multicast group. All other unicast traffic goes past your interface and you won't see it, unless you have a switch in between that could mirror a whole subnet to that one port (which would bring other problems, which need to be considered).
Since you want to scan the subnet for other active IP addresses you would need a broader approach, like a port scanner for example. On a Windows platform I liked the (now discontinued) Look@Lan for that task. It scanned the range you specified, listed the hosts with IP, MAC, OS, SNMP status and ports open for contacting. This was displayed in a handy list and could be repeated in intervals to check the availability of important nodes in your LAN.
I think this would be the software you are looking for. Unfortunately it's only my second week on a Linux box and I haven't yet looked for such a tool.

Cheers
XL
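As an added example (not part of the original post): the post above notes that a sniffer still sees broadcast traffic, and ARP requests are broadcast with the sender's IP and MAC in them, so the output of `tcpdump -e -n arp` can be checked for one IP claimed by two MACs. The sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n arp` output (not captured from a real network).
SAMPLE = """\
10:00:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.10, length 28
10:00:01.000350 00:aa:bb:cc:dd:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01, length 46
10:00:07.120000 00:de:ad:be:ef:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.10, length 46
10:00:09.500000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.20 tell 192.168.1.10, length 28
10:00:12.000000 00:77:88:99:aa:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.30 tell 0.0.0.0, length 46
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Broadcast request: sender IP follows "tell", sender MAC is the Ethernet source.
REQUEST = re.compile(
    rf"^\S+ ({MAC}) > {MAC}, ethertype ARP .*Request who-has {IP}(?: \(\S+\))? tell ({IP}),", re.I)
# Reply: normally unicast, so only replies addressed to this host show up.
REPLY = re.compile(rf"Reply ({IP}) is-at ({MAC})", re.I)

def ip_to_macs(lines):
    """Map each sender IP seen in ARP traffic to the set of MACs claiming it."""
    seen = defaultdict(set)
    for line in lines:
        m = REQUEST.search(line)
        if m:
            mac, ip = m.group(1), m.group(2)
        else:
            m = REPLY.search(line)
            if not m:
                continue  # not an ARP line this example understands
            ip, mac = m.group(1), m.group(2)
        if ip != "0.0.0.0":  # ARP probe: the sender has no address yet
            seen[ip].add(mac.lower())
    return dict(seen)

def conflicts(table):
    """Return only the IPs that more than one MAC has claimed."""
    return {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}

if __name__ == "__main__":
    table = ip_to_macs(SAMPLE.splitlines())
    for ip, macs in sorted(table.items()):
        print(ip, ", ".join(sorted(macs)))
    for ip, macs in conflicts(table).items():
        print("CONFLICT", ip, macs)
```

Hosts that stay silent during the capture do not appear, so this only lists machines that sent ARP traffic while it ran.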
eugeneg

Re: Packet sniffer required

Post by eugeneg »

Thanks for the words. I installed Wireshark but was unable to run it (no interfaces) so I turned to the documentation. That directed me to Configure.help but I haven't been able to find that.
Given XP's comments perhaps I shouldn't spend too much time trying to get it to work.
I'm new to Linux too.
rowa

Re: Packet sniffer required

Post by rowa »

You can run Wireshark only from root, so you must open a bash shell and write:

sudo wireshark

You write your pass and then Wireshark should see your network.
eugeneg

Re: Packet sniffer required

Post by eugeneg »

Thanks. Not knowing what a 'bash shell' was I ran terminal and typed as instructed. The error message is too cryptic for the likes of me I'm afraid:
Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled

Anyway, I got past that and saw some results. Given XP's comments that it may not be what I want, and also the complexity of it compared to my little brain, I will probably not continue too much further.
I really just need to get the MAC and IP addresses of those on the LAN so I can figure out which machines are set for static IP allocation.
Thanks to those who took the time to reply.
BrowserXL

Re: Packet sniffer required

Post by BrowserXL »

One thing came to my mind which I hadn't thought of earlier. You could try nmap. Give it a spin. It can probably deliver what you are looking for. It's quite cumbersome to handle it from the console, but should yield the results you are looking for.

Understanding Wireshark and putting it to proper use is quite a task. I had my first contact with its predecessor Ethereal in 2003 and since then it became one of the most important tools for my daily work. Yet it took me quite some time to understand what I am actually seeing and how to put it into relation to the problems that I tried to troubleshoot. Additionally the interface is not really streamlined and self-explanatory sometimes, so that I still learn a thing or two about it from time to time.
Don't delete it though. One never knows when it might come in handy ;)

Also starting to look at sample traces with it, to understand how certain protocols work, can be quite helpful. http://packetlife.net/ is a perfect site for that.

Cheers XL
zerozero

Re: Packet sniffer required

Post by zerozero »

Due to the dubious nature of the subject and under section [4] of the forum rules http://forums.linuxmint.com/viewtopic.php?f=17&t=83314 locking the topic.