NETWORK TROUBLESHOOTING: CAPTURING PACKETS OR NETWORK TRAFFIC
I have noticed that network hubs are, well, just about impossible to find these days. So in an effort to make better use of technology, I sought out a better way to do network snooping with Wireshark.
Let's go back a bit. Say you are in the situation where you really need to know what's going on in your network. You need to see the handshakes that are taking place because you need to troubleshoot, for example, how a PC logs in over SMB, or you want to know what's going on with SMTP or the like. Capturing the traffic is a great aid in diagnosing those kinds of issues, and in any other situation where seeing machine-to-machine communication in the various protocols comes in handy.
Now, as I said, in the old days you would handle this with something called a network hub, but these days that's about impossible to find.
You have a couple of options:
1. build a passive ethernet hub, get three network cables, and a laptop
2. get yourself a passive network tap or build one, four network cables, two NICs and a laptop
3. get a managed switch with port monitoring, sometimes called 'port mirroring', 'port monitoring', 'Roving Analysis' (3Com), or 'Switched Port Analyzer' or 'SPAN' (Cisco), connect your laptop to the assigned monitor port, and have one to three network cables
4. get yourself two network cables, two NICs and a laptop, and bridge the two NICs
5. a laptop, a network switch, three network cables, and the ettercap utility for man-in-the-middle with ARP poisoning, or any other ARP poisoning tool... note: if you don't know what you are doing, don't use this software
6. a laptop, a network switch, three network cables, and dsniff for MAC flooding, specifically the macof utility that is part of the dsniff suite... note: if you don't know what you are doing, don't use this software
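As an added example that is not part of the original post, here is how option 4 (bridging two NICs on a Linux laptop) can be set up so that Wireshark or tcpdump sees every frame crossing the bridge, filtered down to the SMB and SMTP handshakes mentioned above. The interface names eth0 and eth1, the bridge name br0, the pcap file name and the port list in the capture filter are all assumptions; the script prints the commands by default and only applies them when run as root with DRY_RUN=0.

```sh
#!/bin/sh
# Added example, not code from the original post. Builds a transparent Linux
# bridge between two NICs (option 4 above) and captures on it.
# Assumed names: override with BRIDGE=, NIC_A=, NIC_B= in the environment.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).

DRY_RUN="${DRY_RUN:-1}"
BRIDGE="${BRIDGE:-br0}"
NIC_A="${NIC_A:-eth0}"
NIC_B="${NIC_B:-eth1}"

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Bring the bridge up. It deliberately gets no IP address, so the capture
# laptop forwards frames between the two cables without being a party to
# any conversation itself.
bridge_up() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set dev "$NIC_A" master "$BRIDGE"
    run ip link set dev "$NIC_B" master "$BRIDGE"
    # Promiscuous mode so frames not addressed to the laptop are passed up.
    run ip link set dev "$NIC_A" promisc on
    run ip link set dev "$NIC_B" promisc on
    run ip link set dev "$NIC_A" up
    run ip link set dev "$NIC_B" up
    run ip link set dev "$BRIDGE" up
}

# Tear the bridge down again and release both NICs.
bridge_down() {
    run ip link set dev "$BRIDGE" down
    run ip link set dev "$NIC_A" nomaster
    run ip link set dev "$NIC_B" nomaster
    run ip link del "$BRIDGE"
}

# BPF capture filter for the protocols named in the post: SMB over 445 plus
# the legacy NetBIOS session port 139, and SMTP on 25 and submission on 587.
# The port list is an assumption; widen it for other protocols.
capture_filter() {
    printf '%s' 'tcp port 445 or tcp port 139 or tcp port 25 or tcp port 587'
}

# Capture on the bridge interface, which sees both directions of traffic.
# -s 0 keeps full frames, -n skips name lookups, -w writes a pcap for Wireshark.
capture() {
    run tcpdump -i "$BRIDGE" -s 0 -n -w "${1:-capture.pcap}" "$(capture_filter)"
}

case "${1:-}" in
    up) bridge_up ;;
    down) bridge_down ;;
    capture) capture "$2" ;;
esac
```

Usage: `DRY_RUN=0 sh bridge-capture.sh up`, then `DRY_RUN=0 sh bridge-capture.sh capture smb.pcap` and open the pcap in Wireshark; `down` restores the NICs. Two caveats worth keeping in mind: unlike a hub or a passive tap, the bridging laptop is inline, so if it hangs, reboots or loses a NIC the link between the two cables goes down with it; and unlike a SPAN port, which can silently drop mirrored frames when the monitor port is oversubscribed, the bridge sees every frame it forwards, at the cost of a little added latency.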