Network Sniffer That Works Across Multiple Interfaces

I have a packet spoofing problem and I want to find a network sniffer that will allow me to look for any packet that has source or client IP set to a specific value on *any* attached interface. I use Ethereal and Wireshark, and they appear to make you select only one interface.

Is there a commercial sniffer that allows the user to sniff across five or more network interfaces simultaneously?

Assume the target OS is Windows 2003 Server or higher, and that the server has five or more gigabit Ethernet interfaces installed, each of which is configured as a separate Class C IP subnet.

Reply to
W

The original Sniffer (Network General / Network Associates?) has the same limitation, at least in the older version I have access to.

But you can run multiple instances on the same machine and monitor different interfaces.

According to (formatting link), each running Wireshark only listens to a single interface, but you can have multiple copies running on the same system listening to different interfaces.

Reply to
Stephen

All clear, but to start up a sniffer 20 times on one computer and track all of those windows and interfaces is at the very least a monumental hassle.

For a case where you have some rogue IP address somewhere on one of those interfaces, it would be so much more convenient to find a sniffer that looks at all of the interfaces simultaneously.

Is there any sniffer that would allow a programmatic start and stop on each individual interface? Ideally it would write traces to human readable files that could be scanned for specific text patterns. We could at least write a program that automates the whole activity.

Reply to
W

Write some filters to ignore the stuff you don't want (or pick out what you do).

You can use triggers to start and stop a sniffer.

I have left discovery systems looking for a fault pattern before.

The best way seems to be just save to a set of files and filter later (if the disk can keep up).

Or save to a circular buffer and trigger on a "stop" event, then write the file away.

Reply to
Stephen
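The "save to a set of files and filter later" approach from the reply above, as an added example that is not part of the original thread: it scans one capture file per interface for IPv4 frames sent from a given source address and reports the interface, timestamp and source MAC of each hit. It assumes classic libpcap files with Ethernet link type and no VLAN tags; the interface labels and the sample captures are constructed for the demonstration.

```python
import socket
import struct

def scan_pcap(data, wanted_ip):
    """Yield (timestamp, source MAC) for each IPv4 frame sent from wanted_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    wanted = socket.inet_aton(wanted_ip)
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        # Ethernet II: src MAC at 6-11, EtherType at 12-13; IPv4 source at 26-29
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[26:30] == wanted:
            yield sec + usec / 1e6, frame[6:12].hex(":")

def find_source(captures, wanted_ip):
    """captures maps an interface label to the bytes of its pcap file."""
    hits = [(label, ts, mac) for label, data in captures.items()
            for ts, mac in scan_pcap(data, wanted_ip)]
    return sorted(hits, key=lambda h: h[1])

def _sample_pcap(frames):
    """Constructed test data: little-endian pcap from (ts, src_mac, src_ip) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, mac, ip in frames:
        eth = b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) + b"\x08\x00"
        iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                            socket.inet_aton(ip), socket.inet_aton("192.168.1.255"))
        out += struct.pack("<IIII", ts, 0, 34, 34) + eth + iphdr
    return out

# Constructed captures: the same source IP shows up on two different interfaces.
SAMPLE = {
    "eth1": _sample_pcap([(100, "00:11:22:33:44:01", "192.168.1.10")]),
    "eth3": _sample_pcap([(105, "00:11:22:33:44:99", "192.168.1.10"),
                          (106, "00:11:22:33:44:02", "192.168.3.20")]),
}

if __name__ == "__main__":
    for label, ts, mac in find_source(SAMPLE, "192.168.1.10"):
        print(f"{label}  t={ts:.6f}  src_mac={mac}")
```

For real captures, read each interface's file with `open(path, "rb").read()` and pass the resulting dictionary to `find_source`.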
