Sniffing Tools

00:00

Hey, everyone, welcome back to the course in this video. We're just gonna go over some of the common sniffing tools that you can use,

00:06

so we'll talk about the different types of tools that we can use for sniffing. Probably one of the more common ones is gonna be wire shark.

00:14

So why your shark is a packet capture tools. So what does that mean? Well, basically, as the name implies, we're capturing the packets of data. This could be different. Things could contain different information. A Zai talked about before could also contain user credential information.

00:30

Now, one thing to keep in mind is that wire shark uses Wimpy Cap s so it can Onley capture information on networks that are using wimpy cap.

00:40

And we're shark gives us an option of a lot of different types of filters. So the filters allow us to get just the data that we need. For example, we could filter by, like, protocol eso things like TCP http, https, DNs, etcetera. We could monitor specific ports and so we could be just looking for information on

01:00

let's just say telnet port 23.

01:02

We could filter by a specific I p address ranges.

01:06

Um, other filters as well, right? Specific I p addresses that were looking for frame numbers, etcetera, etcetera

01:12

and wire Shark captures that network traffic from a variety of sources. Right. So, Ethernet, you can capture Bluetooth I Tripoli eight or 2.11 USB frame relays, etcetera, etcetera.

01:26

Next, we have still central packet analyzer, which actually gives us a gooey interface toe work with.

01:32

And this offers us high speed packet analysis

01:36

and then TCP dump slash wind dump. Uh, two different tools, but one for Lennox, one for Windows. So TCP dump is used for Lennox for UNIX systems. And then Wyndham, of course, running on Windows systems again, just a command line interface for sniffing the network traffic. So wire shark a TCP dumped

01:53

are some of the more common ones that you'll actually see

01:57

in use in the real world.

01:59

And then we've got other tools, like capsules Network analyzer, Omni Peaks Network Analyzer. This one's displays a Google map

02:07

which shows the location of all the public I p addresses of the capture packets. So this is a good way to actually monitor the network in real time on then show where in the world. Is that traffic actually coming from?

02:17

We've also got observers Packet analyzer. So this one gives you Ah, good drill down into network traffic. And then it also provides things like back in time analysis, trending alarms, reporting, um, even route monitoring capabilities.

02:34

Sniff O Matic. We also have cola. Soft packet builder. Um, this is one you want to know for the ch exam, you'll probably or you may see this on there. This one allows you to select. Provided us, um, pre made templates. So essentially things like Ethernet packet or our packet so you can essentially

02:53

grab those templates, and then you can change the parameters in the editor.

02:57

Um, it also offers you Hexi decimal editor as well as an ask e editor. So if you want to create your own packets So just a quick, quick question here for you. Which of these particular tools doesn't have a gooey interface? So it's a win dump wire shark or TCP dump.

03:16

Alright, so kind of a trick question there, right? There was more than one answer. So when dump a TCP dump are too, if you recall that are done via the command line interface.