Thread: How to check computers connected?
View Single Post
  #8 (permalink)  
Old 02-23-2007, 06:24 PM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: How to check computers connected?
Kev <invalid@invalid.invalid> hath wroth:

>If I allow sharing or ICMP Echo on either Laptop then Lanspy will see them.

Where are you plugged in to do your sniffing? Locating a sniffer is
not a trivial exercise. In the typical home system, there is no
single place where you can see all the traffic.

If you're computah running Lanspy, Ethereal, etc is plugged into an
ethernet switch or into the switch on the back of the typical router,
then it will not see any traffic other than broadcasts and it's own
traffic. The purpose of the switch is to not pollute the rest of the
network with un-necessary traffic. If you replaced the switch with an
ethernet hub, which is essentially a repeater where all traffic going
into any port appears on the other ports, you will be able to see the
other traffic.

For sniffing internet traffic (bear with me for this diversion) you
need to add a hub (not a switch). The general arrangement is:

DSL or cable router ====== PC
modem ========== ethernet ======= and ethernet ====== Linux
hub (not switch to other ====== MAC
a switch) computers
|
|
|
\============= monitor computer
running the sniffer

With this arrangement, the monitor computer will see all internet
traffic, including intruders and attacks from the internet.

There are also products specfically available for doing sniffing.
<http://www.netoptics.com>
<http://www.networktaps.com>
<http://www.datacomsystems.com/products/taps/network-taps.asp>
You can also build your own (as I've done because I'm cheap).

If you specifically are trying to minitor just the wireless traffic,
it cannot be done in a "wireless router". That's because there's no
way to "tap" the traffic between the router section and the wireless
access point sections of the "wireless router". If you just plug into
one of the ethernet jacks on the back of the wireless router, you will
see broadcasts from various wireless attackers, but not see their
traffic.

The only place where you will see MOST of a wireless attackers traffic
is on the WAN side of the broadband link. If the wireless traffic is
mostly on the LAN side of the router, you will only see perhaps DNS
lookups from a wireless attacker. Another way is to sniff the
wireless traffic directly over the air, which gets only the wireless
traffic, and not those from the wired ethernet computers.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote