Tuesday, November 4, 2008

What can a packet sniffer do?


Uses
The versatility of packet sniffers means they can be used to:




Analyze network problems.

Detect network intrusion attempts.

Gain information for effecting a network intrusion.

Monitor network usage.

Gather and report network statistics.

Filter suspect content from network traffic.

Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use).

Reverse engineer protocols used over the network.

Debug client/server communications.

Debug network protocol implementations.


Example uses



A packet sniffer for a token ring network could detect that the token has been lost or that too many tokens are present (verifying the protocol).

A packet sniffer could detect that messages are being sent to a network adapter; if the network adapter did not report receiving the messages then this would localize the failure to the adapter.

A packet sniffer could detect excessive messages being sent by a port, detecting an error in the implementation.

A packet sniffer could collect statistics on the amount of traffic (number of messages) from a process, detecting the need for more bandwidth or a better method.

A packet sniffer could be used to extract messages and reassemble the traffic from a process into a complete form, allowing it to be reverse engineered.

A packet sniffer could be used to diagnose operating system connectivity issues involving web, FTP, SQL, Active Directory, etc.

A packet sniffer could be used to analyse data sent to and from secure systems in order to understand and circumvent security measures, for the purposes of penetration testing or illegal activities.
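The traffic-statistics and excessive-sender uses listed above, sketched as an added example that is not part of the original post: it parses a capture in the classic libpcap file format and counts frames per sender. It assumes Ethernet/IPv4 captures, identifies a sender by source IP and port, and uses an arbitrary 50% share as the "excessive" threshold; all function names are this example's own.

```python
import struct
from collections import Counter

def build_sample_pcap(flows):
    """Constructed sample data: one Ethernet/IPv4/UDP frame per (src_ip, src_port)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, (src_ip, src_port) in enumerate(flows):
        udp = struct.pack("!HHHH", src_port, 53, 8, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), i, 0, 64, 17, 0,
                         bytes(map(int, src_ip.split("."))), bytes([10, 0, 0, 1]))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def count_senders(pcap):
    """Return Counter of (source IP, source port) -> frames seen, for IPv4 TCP/UDP."""
    if len(pcap) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # file byte order
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4          # IP header length varies with options
        fragment_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        if frame[23] not in (6, 17) or fragment_offset or len(frame) < l4 + 2:
            continue  # not TCP/UDP, or a later fragment with no port field
        src_ip = ".".join(str(b) for b in frame[26:30])
        counts[(src_ip, struct.unpack_from("!H", frame, l4)[0])] += 1
    return counts

def excessive(counts, share=0.5):
    """Senders responsible for more than `share` of all counted frames."""
    total = sum(counts.values())
    return [s for s, n in counts.items() if total and n / total > share]

if __name__ == "__main__":
    flows = [("10.0.0.5", 40000)] * 8 + [("10.0.0.6", 40001), ("10.0.0.7", 40002)]
    stats = count_senders(build_sample_pcap(flows))
    print(stats.most_common(), excessive(stats))
```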

http://www.colasoft.com/download/capsa_overview.php
