security network-programming tor

Logging data passing through network


Problem
I have just started to scratch the surface of this topic, so excuse me if I'm formulating the question in a bit of a strange and novice way. Let's say I'm on a wireless network, which I am right now, and I want to see all the data that is flowing in and out of this network from other clients connected to the network. I remember reading a book about someone doing this while being connected to the Tor network, and it got me thinking about how this is done.

Questions
A: What is this process called?

B: How is it done?


Solution

  • A: It's called packet analyzing / packet sniffing.

    B: In an unswitched network (e.g. a wifi network or hub), all you need is a network card that supports promiscuous mode and some software, as mentioned by sdanzig.

    In a switched environment (e.g. most modern wired networks), you need to use a Layer 3 switch and set it up to mirror the traffic you're interested in to the port to which you are connected. (Otherwise your network adapter won't 'see' the other traffic.)

    Some tools:

    http://www.dmoz.org/Computers/Software/Networking/Network_Performance/Protocol_Analyzers/

    Related topics on SO:

    https://stackoverflow.com/questions/tagged/packet-sniffers

    https://stackoverflow.com/questions/tagged/packet-capture