Packet Sniffers for OSX
Mac Elite
Join Date: Aug 2002
Location: Safe House
I'm looking for a packet sniffer for OSX. Any simple programs out there to sniff a Windows network from my Mac? Just trying to confirm personal privacy while connected to the Network.
Mac Elite
Join Date: May 2001
Location: Vancouver
Try:
MacSniffer
Cheers.
Originally posted by Orion27:
I'm looking for a packet sniffer for OSX. Any simple programs out there to sniff a Windows network from my Mac? Just trying to confirm personal privacy while connected to the Network.
Moderator Emeritus
Join Date: Dec 2000
Location: College Park, MD
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
I prefer tcpdump or snort, but Ethereal was mentioned also from the GUI contingent (which I use for a quick-over from time to time). All of these will do what you want, but none are built in save for tcpdump (I think, used to be built-in anyway).
Traffic analysis is an interesting beast and can be difficult depending on what you are looking for. From a security standpoint I would recommend Honeynet but it assumes a rudimentary knowledge of traffic analysis.
Stanford Books Online should help out. TCP/IP Illustrated is a very good guide to look into.
(Last edited by kampl; Dec 28, 2003 at 01:16 AM.)
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Originally posted by kampl:
I prefer tcpdump or snort, but Ethereal was mentioned also from the GUI contingent (which I use for a quick-over from time to time). All of these will do what you want, but none are built in save for tcpdump (I think, used to be built-in anyway).
Traffic analysis is an interesting beast and can be difficult depending on what you are looking for. From a security standpoint I would recommend Honeynet but it assumes a rudimentary knowledge of traffic analysis.
Stanford Books Online should help out. TCP/IP Illustrated is a very good guide to look into.
Can someone sticky that last link? It may be very useful to others.
Mac Elite
Join Date: Aug 2002
Location: Safe House
Thanks guys, I'll let you know which one I like.
Mac Elite
Join Date: Aug 2002
Location: Safe House
Just to fill in. I'm new to networking, I'm the only Mac on a Win 2K LAN. Administration is outsourced and we have high speed T1 internet. I'm interested in the subject of security. I was researching spyware and came across some articles on network security. I'm not a techie in the fullest sense of the word but OS X has piqued my interest in the etherworld. Even if I gain a fuller understanding of security as opposed to hacking my way around networks it would be a benefit at least knowing the level of my security. I don't want to be dependent on someone else for my security.
Mac Elite
Join Date: Jul 2001
Ridge is useful, although I don't think it qualifies as a packet-sniffer.
Actual conversation between UCLA and Stanford during a login on early Internet - U: I'm going to type an L! Did you get an L? S: I got one-one-four. L! U:Did you get the O? S: One-one-seven. U: <types G> S: The computer just crashed.
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
My personal favorite is EtherPeek from WildPackets. Does a lot of the analysis for you (useful if you are learning how to read dumps) and has a lot of reporting capabilities. Unfortunately, it's quite expensive...
iMac therefor iAm
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
For looking into what your security posture is with your current configuration you can start with Nmap to see what you are offering to remote users.
To look for vulnerabilities in your server software versions and configurations you can give Nessus a try. Keep an eye out for false positives with this one. Depending on the scan configuration and what the NASL script is doing for penetration testing, you may run into reports on services that are not actually vulnerable to the attacks described.
Both are free and both will give you some insight as to where you stand. I believe current Nessus versions compile, but if not fink has a port as I recall.
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
If you are going to use Nmap or Nessus on a corporate network, be sure to have permission to run it. Most IT directors don't look kindly to those programs being run without permission.
iMac therefor iAm
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Originally posted by siegzdad:
If you are going to use Nmap or Nessus on a corporate network, be sure to have permission to run it. Most IT directors don't look kindly to those programs being run without permission.
I agree, if he were to pen test a remote host, but he seems to be concerned regarding his own security posture and what he has exposed that could potentially be a security issue. He can run attack scenarios against his own system without anyone noticing. The box doesn't even have to be on the network. As long as the stack is live and the services you want to check are up you can go right ahead without ever plugging in that patch cable or turning on that radio.
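The self-check described in the last post, as an added example that is not part of the original thread: a TCP connect probe that only ever targets the machine's own loopback address, so it works with the cable unplugged. The function names and the constructed demo listener are assumptions made for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # the probe is hard-wired to this machine only


def open_loopback_ports(ports, timeout=0.2):
    """Return the sorted ports that accept a TCP connection on loopback."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 when the handshake completes,
            # otherwise an errno (e.g. connection refused).
            if s.connect_ex((LOOPBACK, port)) == 0:
                found.append(port)
    return sorted(found)


def start_demo_listener():
    """Constructed sample service: a listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))  # port 0 lets the OS pick a free port
    srv.listen(1)
    return srv, srv.getsockname()[1]


def demo():
    """Probe the sample service while it is up and again after it stops."""
    srv, port = start_demo_listener()
    try:
        while_up = open_loopback_ports([port])
    finally:
        srv.close()
    after_stop = open_loopback_ports([port])
    return port, while_up, after_stop


if __name__ == "__main__":
    port, while_up, after_stop = demo()
    print(f"sample service on {port}: up={while_up} stopped={after_stop}")
    # Audit the well-known port range on this machine.
    print("listening on loopback:", open_loopback_ports(range(1, 1025)))
```

A loopback probe also reports services bound only to 127.0.0.1, which remote hosts cannot reach, so treat the result as an upper bound on what is exposed to the LAN.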