Packet sniffers?
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||||||||
|
Posted by on August 24, 2008, 10:40 pm
Please log in for more thread options I'm trying to figure out why my XBox Live performance is so horrible, since I always shut down all internet activities on the PC's before trying to connect. I found out about packet sniffers today, and installed Wireshark. With every thing that I know of (email, web, download managers, etc.) shut down, I still have tons of packet activity. Is that normal? I have no idea how to make sense of what's going on, but there are many different IP's as the source, with the IP of my PC as the destination. | ||||||||||||||||||||||
|
Posted by Scott Perry on August 25, 2008, 8:57 am
Please log in for more thread options Wireshark, formerly known as Ethereal, is a free and excellent protocol analyzer. I encourage anyone involved in networking to use this product. I should also mention that Microsoft Windows has a free network protocol analyzer available. In the downloads section of the Microsoft website, look for Network Monitor 3.0. This is the packet sniffer that can be installed to Windows XP. Remember that a packet sniffer only shows data going through the switchport which you are connected to. If you are using an ethernet switch, you will not be able to see data going between other switchports. You need to be connected to a hub in order to see data from all ports. If your switch has a feature to allow a port to see all data on another port, then you can properly sniff another computer's traffic. Otherwise you need to put your sniffer software on the PC which is connected to the port that you want to monitor. If this is unclear, reference how an ethernet switch communicates unicast, multicast, and broadcast traffic for a more clear reason for sniffing complications. There will be ethernet frame activity even if the hosts (PCs, Xbox, etc...) are not actively trying to make a connection. You need to be aware of what frames and packets are going across the network when the hosts are idle: - ARP resolves MAC addresses for IP addresses. Hosts will broadcast to determine the MAC address to send traffic to for certian IP addresses or determine the MAC address of their default gateway for IP addresses outside of their IP subnet. - DHCP traffic will exchange when hosts without a static IP address boot - DNS traffic will exchange - Cisco routers and switches, by default, will send Cisco Discovery Protocol (CDP) every minute - Cisco routers and switches may send loop packets to determine if loops exist and if interfaces are up - Ethernet switches supporting spanning-tree protocol will send bridge protocol data units (BPDU) every 2 seconds to check for other spanning-tree switches and ethernet loops - Microsoft PCs running NetBIOS processes will advertise for a browse master every so often and perform election processes Also, Microsoft Windows Update will run after Windows PCs boot. This is attempted even if the PC is not connected to the Internet because the computer checks for a connection after booting. ----- Scott Perry Indianpolis, IN ----- | ||||||||||||||||||||||
|
Posted by on August 25, 2008, 9:27 am
Please log in for more thread options
Very helpful stuff. Thank you. Give me an internship where you work. :-) | ||||||||||||||||||||||
|
Posted by Scott Perry on August 25, 2008, 11:07 am
Please log in for more thread options
You would have to live in the same city. Then again, there are no internships for IT/MIS where I work or in my past positions. Even if so, then you would be better searching CareerBuilder, Dice, and a few other sites for CCNP, not CCNA. Too often companies list CCNA for Microsoft server jobs - do not ask me why. Several companies around here are still looking for networking, specifically Cisco, and not all of them are involving voice systems. Yeah, Cisco networking and voice are the ticket right now. ----- Scott Perry Indianapolis, IN ----- > Very helpful stuff. Thank you.
> Give me an internship where you work. :-) | ||||||||||||||||||||||
|
Posted by on August 25, 2008, 12:06 pm
Please log in for more thread options
On Mon, 25 Aug 2008 11:07:44 -0400, "Scott Perry" >You would have to live in the same city.
My house if for sale as we speak. :-) I would love to get something where I could learn on-the-job, but I know that's a pipe dream these days. | ||||||||||||||||||||||
| Similar Threads | Posted |
| Packet sniffers? | August 24, 2008, 10:40 pm |
| Packet Tracer | April 6, 2008, 5:14 am |
| Packet Tracer | June 18, 2008, 5:22 am |
| PAcket /Circuit switched? | July 18, 2006, 4:11 am |
| Packet and circuit switching | August 7, 2006, 11:14 am |
| Packet Tracer homework problem | October 19, 2008, 3:22 pm |
> since I always shut down all internet activities on the PC's before
> trying to connect.
>
> I found out about packet sniffers today, and installed Wireshark.
>
> With every thing that I know of (email, web, download managers, etc.)
> shut down, I still have tons of packet activity. Is that normal?
>
> I have no idea how to make sense of what's going on, but there are
> many different IP's as the source, with the IP of my PC as the
> destination.