
Packet Sniffers for OSX
Orion27
Mac Elite
Join Date: Aug 2002
Location: Safe House
Dec 27, 2003, 08:40 PM
 
I'm looking for a packet sniffer for OSX. Any simple programs out there to sniff a Windows network from my Mac? Just trying to confirm personal privacy while connected to the Network.
     
legacyb4
Mac Elite
Join Date: May 2001
Location: Vancouver
Dec 27, 2003, 10:56 PM
 
Try:

MacSniffer

Cheers.

Originally posted by Orion27:
I'm looking for a packet sniffer for OSX. Any simple programs out there to sniff a Windows network from my Mac? Just trying to confirm personal privacy while connected to the Network.
     
Scotttheking
Moderator Emeritus
Join Date: Dec 2000
Location: College Park, MD
Dec 27, 2003, 11:09 PM
 
Ethereal.
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Dec 28, 2003, 12:57 AM
 
I prefer tcpdump or snort, but Ethereal was mentioned also from the GUI contingent (which I use for a quick-over from time to time). All of these will do what you want, but none are built in save for tcpdump (I think, used to be built-in anyway).

Traffic analysis is an interesting beast and can be difficult depending on what you are looking for. From a security standpoint I would recommend Honeynet but it assumes a rudimentary knowledge of traffic analysis.

Stanford Books Online should help out. TCP/IP Illustrated is a very good guide to look into.
( Last edited by kampl; Dec 28, 2003 at 01:16 AM. )
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Dec 28, 2003, 01:23 AM
 
Originally posted by kampl:
I prefer tcpdump or snort, but Ethereal was mentioned also from the GUI contingent (which I use for a quick-over from time to time). All of these will do what you want, but none are built in save for tcpdump (I think, used to be built-in anyway).

Traffic analysis is an interesting beast and can be difficult depending on what you are looking for. From a security standpoint I would recommend Honeynet but it assumes a rudimentary knowledge of traffic analysis.

Stanford Books Online should help out. TCP/IP Illustrated is a very good guide to look into.
Can someone sticky that last link? It may be very useful to others.
     
Orion27  (op)
Mac Elite
Join Date: Aug 2002
Location: Safe House
Dec 28, 2003, 10:49 AM
 
Thanks guys, I'll let you know which one I like.
     
Orion27  (op)
Mac Elite
Join Date: Aug 2002
Location: Safe House
Dec 28, 2003, 11:06 AM
 
Just to fill in. I'm new to networking, I'm the only Mac on a Win 2K LAN. Administration is outsourced and we have high speed T1 internet. I'm interested in the subject of security. I was researching spyware and came across some articles on network security. I'm not a techie in the fullest sense of the word but OS X has piqued my interest in the etherworld. Even if I gain a fuller understanding of security as opposed to hacking my way around networks it would be a benefit at least knowing the level of my security. I don't want to be dependent on someone else for my security.
     
cdhostage
Mac Elite
Join Date: Jul 2001
Dec 30, 2003, 12:07 AM
 
Ridge is useful, although I don't think it qualifies as a packet-sniffer.
Actual conversation between UCLA and Stanford during a login on early Internet - U: I'm going to type an L! Did you get an L? S: I got one-one-four. L! U:Did you get the O? S: One-one-seven. U: <types G> S: The computer just crashed.
     
siegzdad
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
Dec 30, 2003, 09:31 AM
 
My personal favorite is EtherPeek from WildPackets. Does a lot of the analysis for you (useful if you are learning how to read dumps) and has a lot of reporting capabilities. Unfortunately, it's quite expensive...
iMac therefor iAm
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Dec 30, 2003, 09:06 PM
 
For looking into what your security posture is with your current configuration you can start with Nmap to see what you are offering to remote users.

To look for vulnerabilities in your server software versions and configurations you can give Nessus a try. Keep an eye out for false positives with this one. Depending on the scan configuration and what the NASL script is doing for penetration testing, you may run into reports on services that are not actually vulnerable to the attacks described.

Both are free and both will give you some insight as to where you stand. I believe current Nessus versions compile, but if not fink has a port as I recall.
     
siegzdad
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
Dec 31, 2003, 09:45 AM
 
If you are going to use Nmap or Nessus on a corporate network, be sure to have permission to run it. Most IT directors don't look kindly to those programs being run without permission.
iMac therefor iAm
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Jan 1, 2004, 11:02 PM
 
Originally posted by siegzdad:
If you are going to use Nmap or Nessus on a corporate network, be sure to have permission to run it. Most IT directors don't look kindly to those programs being run without permission.

I agree, if he were to pen test a remote host, but he seems to be concerned regarding his own security posture and what he has exposed that could potentially be a security issue. He can run attack scenarios against his own system without anyone noticing. The box doesn't even have to be on the network. As long as the stack is live and the services you want to check are up you can go right ahead without ever plugging in that patch cable or turning on that radio.
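
Added example (not part of the thread and not any poster's code): a small Python self-check of the idea in the post above, probing your own machine's TCP listeners over loopback and separating services bound only to 127.0.0.1 from those that also answer on another of the machine's own addresses. The function names and the `own_addr` parameter are illustrative assumptions.

```python
import socket

def open_tcp_ports(host, ports, timeout=0.3):
    """Return the ports on `host` that complete a TCP handshake."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means connect succeeded
                found.append(port)
    return found

def exposure_report(ports, own_addr=None):
    """Map each listening port to 'loopback-only' or 'exposed'.

    own_addr is this machine's own non-loopback address (assumption: you
    supply it). A service bound only to 127.0.0.1 refuses connections
    addressed to own_addr, so it is not offered to other hosts. A host
    firewall can still filter an 'exposed' port for remote peers.
    """
    local = set(open_tcp_ports("127.0.0.1", ports))
    lan = set(open_tcp_ports(own_addr, ports)) if own_addr else set()
    return {p: ("exposed" if p in lan else "loopback-only")
            for p in sorted(local | lan)}

if __name__ == "__main__":
    # Constructed demo: check the well-known port range on this machine only.
    for port, state in exposure_report(range(1, 1025)).items():
        print(f"{port}/tcp {state}")
```

With no `own_addr` the check never leaves the loopback interface, so it works with the cable unplugged, as the post describes.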
     
   