| Thread ID: 104053 | 2009-10-15 01:44:00 | Packet sniffer | nofam (9009) |
| Post ID | Timestamp | Content | User | ||
| 820724 | 2009-10-15 01:44:00 | Can someone recommend me a good packet sniffer app? It needs to run on Server 2003. :thumbs: |
nofam (9009) | ||
| 820725 | 2009-10-15 01:47:00 | Wireshark (http://www.wireshark.org/) | stormdragon (6013) | ||
| 820726 | 2009-10-15 02:01:00 | +1 For Wireshark. Insane amount of configurability. Read the documentation :D |
Blam (54) | ||
| 820727 | 2009-10-15 02:53:00 | Smartsniff (www.nirsoft.net) portable binary, no install required. | fred_fish (15241) | ||
| 820728 | 2009-10-15 03:48:00 | Another vote for wireshark - it's very, very good. | Erayd (23) | ||
| 820729 | 2009-10-15 03:51:00 | "Another vote for wireshark - it's very, very good." Too good I fear; it was logging HUGE amounts of traffic, in far more detail than I needed. I was running on a Terminal Server though :p Went with Smartsniff and it confirmed what I needed to know almost instantly. Thanks all!! |
nofam (9009) | ||
| 820730 | 2009-10-15 17:56:00 | Can I ask what it was that you needed to find out ? Got me curious now :D | Chilling_Silence (9) | ||
| 820731 | 2009-10-15 19:18:00 | "Can I ask what it was that you needed to find out ? Got me curious now :D" The local LAN I administrate has over 100 PCs/servers/laptops, and various PCs (and most recently the Terminal Server) have been getting w32.downadup infections. Patching things is easy, but trying to find the source of the infections isn't quite so easy, so I used Smartsniff to watch all the IPs sending/receiving to/from the Terminal Server, and two instantly started hammering away at it - i.e. where most devices had sent around 100 packets to it, these two had sent several thousand. Funny thing was that one of them was the GM's PC - he'd been to Vietnam recently, and plugged a USB key full of photos into his PC that had been in all his friends' computers while he showed off his holiday snaps. :rolleyes: I think how it happened was that while he was away, his hard drive cooked itself, and when I rebuilt his PC, I didn't explicitly patch it with MS08-067; just thought that would come through with all the other critical MS updates? |
nofam (9009) | ||
| 820732 | 2009-10-15 21:04:00 | Haha, nice :D | Chilling_Silence (9) | ||
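
The per-source packet comparison nofam describes in post 820731, written out as an added example (not code from the thread or from Smartsniff): it totals the packets each source sent to one server and flags sources far above the median. The addresses, the CSV layout and the factor of 10 are constructed assumptions.

```python
import csv
import io
from collections import Counter
from statistics import median

SERVER = "10.0.0.5"  # constructed address standing in for the Terminal Server

# Constructed sample: one row per observed conversation (src, dst, packets).
SAMPLE = """src,dst,packets
10.0.0.11,10.0.0.5,96
10.0.0.12,10.0.0.5,104
10.0.0.13,10.0.0.5,88
10.0.0.14,10.0.0.5,120
10.0.0.15,10.0.0.5,60
10.0.0.15,10.0.0.5,41
10.0.0.16,10.0.0.5,110
10.0.0.23,10.0.0.5,4312
10.0.0.42,10.0.0.5,3875
10.0.0.5,10.0.0.11,90
10.0.0.11,10.0.0.9,7000
"""

def packets_to_server(rows, server):
    """Total packets each source sent to `server`; other traffic is ignored."""
    totals = Counter()
    for row in csv.DictReader(rows):
        if row["dst"] == server and row["src"] != server:
            totals[row["src"]] += int(row["packets"])
    return totals

def heavy_talkers(totals, factor=10):
    """Sources whose total exceeds `factor` times the median, busiest first."""
    if not totals:
        return []
    # The median is a stable baseline while most hosts behave normally.
    baseline = max(median(totals.values()), 1)
    flagged = [(ip, n) for ip, n in totals.items() if n > factor * baseline]
    return sorted(flagged, key=lambda item: item[1], reverse=True)

def find_suspects(text=SAMPLE, server=SERVER, factor=10):
    """Run the whole check over CSV text and return the flagged sources."""
    return heavy_talkers(packets_to_server(io.StringIO(text), server), factor)

if __name__ == "__main__":
    for ip, count in find_suspects():
        print(f"{ip} sent {count} packets to {SERVER}")
```
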