program to sniff out data from a network

[j.o.s.h.1408]

Hi does anybody a similar programed of ettercaps that monitors data recieved and send on a home network for windows pc's? thanks

[kidzer]

Wireshark will display all frames received/sent by any NIC on your machine, it should do what you need.

[Jay]

what do you want to do exactly?

[chrestomanci]

what do you want to do exactly?

Good question. Without some sort of filtering you will get buried with information, and it will be hard to make sense of it. Ideally you want a program that will filter by type of traffic, port, or some search term, and then re-assemble streams for you so you can make sense of what is travelling down the wire.

[j.o.s.h.1408]

Good question. Without some sort of filtering you will get buried with information, and it will be hard to make sense of it. Ideally you want a program that will filter by type of traffic, port, or some search term, and then re-assemble streams for you so you can make sense of what is travelling down the wire.

yes i would like the program to filter it so i can read from a specific port or ip address

[Jay]

removed.

[j.o.s.h.1408]

removed.

what was removed?

[Agent]

yes i would like the program to filter it so i can read from a specific port or ip address

You need to tell us exactly what you want to do. You're being so vague its impossible to recommend you anything.
You also do realise you can only capture traffic that's going either through your machine (acting as a server, for example), or if both machines are connected to a hub (not switch / router)?

[Moby-Dick]

Depends on the switch

[Jay]

what was removed?

got my self all confused and my post made no sense at all!

[Agent]

Depends on the switch

True, but if he's asking a question like this, its almost certain he wont have one

[chrestomanci]

True, but if he's asking a question like this, its almost certain he wont have one

I thought that most switches could be made to work in hub mode by sending them packets addressed to non existent MAC addresses that are not in it's routing tables. The switch assumes that the mystery packets are addressed to a newly connected device and sends them to all ports untill that device replies, but it also gets confused and starts forwarding all packets it receives to all ports, i.e. acting as a hub. I would assume that any good packet sniffing software will have a facility to send these confuser packets in order to achieve that.

[Agent]

I thought that most switches could be made to work in hub mode by sending them packets addressed to non existent MAC addresses that are not in it's routing tables. The switch assumes that the mystery packets are addressed to a newly connected device and sends them to all ports untill that device replies, but it also gets confused and starts forwarding all packets it receives to all ports, i.e. acting as a hub. I would assume that any good packet sniffing software will have a facility to send these confuser packets in order to achieve that.

I've no idea if that's the case or not I was thinking more of it being SNMP enabled

If that is true though, seems a bit of a crazy way to do it, I wouldn't have thought it could have forwarded any packets to a device that wasn't in its routing table? I've honestly no idea

[Moby-Dick]

Its more about it having a "mirror" or "monitor" port.

Usually if you sent traffic to a switch for a MAc address thats not in its ARP table , then it'll send the traffic to the uplink port , if it has one

ARP tables can however be poisoned , which is what I suspect you are referring to