CEH

Using a Sniffer 213


In terms of lawful interception (LI), the sniffing process is typically viewed as having three
components. The first is an intercept access point (IAP), which captures the traffic that is
subject to the intercept. The second is a mediation device, usually supplied by a third party,
which handles the bulk of the information processing. The third is a collection function,
which stores and further processes the information handed off by the mediation device.

Sniffing Tools


Sniffing tools are extremely common applications. A few interesting ones are:


Wireshark One of the most widely known and used packet sniffers. Offers a tremendous
number of features designed to assist in the dissection and analysis of traffic.


tcpdump A well-known command-line packet analyzer. It captures and displays TCP/IP and
other packets as they pass over the network and can save them to a capture file for later
analysis. Available at http://www.tcpdump.org.


WinDump A Windows port of the popular Unix/Linux packet sniffer tcpdump; like the original,
it is a command-line tool that is particularly useful for displaying header information.


OmniPeek Manufactured by WildPackets, OmniPeek is a commercial product that is the
evolution of the earlier product EtherPeek.


Dsniff A suite of tools designed to sniff a range of protocols with the intent of intercepting
and revealing passwords that are sent in the clear. Dsniff is designed for Unix and Linux
platforms and does not have a complete equivalent on the Windows platform.


EtherApe A Linux/Unix tool designed to graphically display a system's incoming and outgoing
connections.


MSN Sniffer A sniffing utility specifically designed for sniffing traffic generated by the
MSN messenger application.


NetWitness NextGen Includes a hardware-based sniffer, along with other features,
designed to monitor and analyze all traffic on a network; a popular tool in use by the FBI
and other law enforcement agencies.
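The list above says what these tools do but not how they do it. The Python script below is added here as a worked example; it is not code from the book or from any of the tools listed. At a small scale it does what tcpdump and Wireshark do at their core, and what Dsniff adds on top: it writes a constructed libpcap capture (three Ethernet/IPv4/TCP frames of a cleartext FTP login; not a real capture), dissects each record down to the TCP payload, and pairs the USER and PASS commands into a recovered credential. Every address, port, MAC and login string in it is made up for the example.

```python
import socket
import struct
from typing import Dict, List, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4          # libpcap, microsecond timestamps (0xD4C3B2A1 when byte-swapped)
LINKTYPE_ETHERNET, ETHERTYPE_IPV4, IPPROTO_TCP = 1, 0x0800, 6


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header (always a multiple of 4 bytes).
    A header whose checksum field is already valid sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test data: Ethernet + IPv4 + TCP(PSH|ACK) + payload.
    The TCP checksum is left zero; the dissector below does not verify it."""
    eth = bytes.fromhex("001122334455 66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill the checksum field
    return eth + ip + tcp + payload


def build_pcap(frames: List[bytes]) -> bytes:
    """Little-endian libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out += [struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)), f]
    return b"".join(out)


def dissect_frame(frame: bytes) -> Optional[Dict]:
    """Peel Ethernet -> IPv4 -> TCP; None for other protocols or malformed/truncated data."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", ip)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len or proto != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]            # honour IHL (options) and drop Ethernet padding past total_len
    if len(tcp) < 20:
        return None
    sport, dport, _, _, doff_res, flags = struct.unpack_from("!HHIIBB", tcp)
    doff = (doff_res >> 4) * 4
    if doff < 20 or doff > len(tcp):
        return None
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "flags": flags, "payload": tcp[doff:]}


def dissect_pcap(data: bytes) -> List[Dict]:
    """Walk the capture record by record, in whichever byte order it was written."""
    e = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data)[0])
    if e is None:
        raise ValueError("not a libpcap capture")
    if struct.unpack_from(e + "HHiIII", data, 4)[5] != LINKTYPE_ETHERNET:
        raise ValueError("example handles LINKTYPE_ETHERNET only")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(e + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:      # capture file cut short in the middle of a record
            break
        pkt = dissect_frame(frame)
        if pkt is not None:
            pkt["ts"] = ts_sec + ts_usec / 1e6
            packets.append(pkt)
    return packets


def extract_ftp_credentials(packets: List[Dict]) -> List[Tuple[str, str, str]]:
    """Dsniff-style: pair each USER with the next PASS seen on the same client->server flow."""
    pending, creds = {}, []
    for p in packets:
        if p["dport"] != 21:
            continue
        flow = (p["src"], p["sport"], p["dst"])
        for line in p["payload"].decode("ascii", "replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() == "USER":
                pending[flow] = arg
            elif cmd.upper() == "PASS" and flow in pending:
                creds.append((p["dst"], pending.pop(flow), arg))
    return creds


# Constructed sample capture: one cleartext FTP login, client 10.0.0.5 -> server 10.0.0.9.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "10.0.0.9", 40001, 21, b"USER alice\r\n"),
    build_tcp_frame("10.0.0.9", "10.0.0.5", 21, 40001, b"331 Password required\r\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 40001, 21, b"PASS s3cret!\r\n"),
])

if __name__ == "__main__":
    print(extract_ftp_credentials(dissect_pcap(SAMPLE_PCAP)))
```

Run it directly to print the recovered (server, user, password) tuple. The dissector honours the IP header length field so options are skipped, trims Ethernet padding beyond the IP total length, and stops cleanly on a capture truncated mid-record. A real tool also needs TCP stream reassembly, because a USER or PASS command can be split across segments or arrive out of order; this example does not attempt that.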


The sniffing tools listed here are only a small portion of the ones available. It is worth
your time to investigate some of these, or all of them if you have the time, to improve your
skills. We will cover only Wireshark in this book because it is the recognized leader. The
concepts you learn with it (capturing on an interface, filtering, dissecting protocol headers
and following a conversation) carry over to the others; it is mostly a matter of learning a
new interface.