Wednesday, May 23, 2012

Snoop command

I have this issue, 
I am trying to snoop some traffic on my network.. 
In order to catch all packets I am saving the output into a file. 
snoop -o bla.cap net 
My question is basically whether (size of the file / time snooping) = bandwidth per second... 
Are packets saved in the file at their real size?? 

No. Unless you have a very busy network. 
Snooping a network records the traffic sent, 
NOT the traffic possible. 

Depending on your settings, you may be recording either 
just the packet headers (I believe that's default), or you 
can identify the KIND of packets you want detail on, or 
you can record details on everything, which creates a 
huge file. 

In addition, you must be aware of virtual LANs (VLAN), 
segments, bridges, VPNs, firewalls, and ACLs to be 
certain of what traffic you are getting over your wire. 

Conventional snooping must be done over a SPAN 
port on the router to be effective. 

I didn't really understand what you said..:\ 

I will ask again, 
let's say I catch 1 packet with the snoop command and save it into a file using the -o option. 
Is the size of the file with the 1 packet the size of the packet on the network? 

Yes, Ethernet frames are stored in the output file as they pass through the wire (if you have enough processor power and fast enough disks) 
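
Added example (not part of the original thread): snoop -o writes the capture format documented in RFC 1761, where each record carries a 24-byte header holding the packet's original length, the captured length and a timestamp. The Python sketch below walks those records in a constructed in-memory sample and compares throughput computed from the records with the file-size-over-time estimate; `build_capture`, `summarize` and the sample frames are assumptions made up for illustration.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"
FILE_HDR = struct.Struct(">8sII")    # magic, version, datalink type
REC_HDR = struct.Struct(">6I")       # orig_len, incl_len, rec_len, drops, sec, usec

def build_capture(frames):
    """Constructed sample: frames are (sec, usec, orig_len, captured_bytes)."""
    out = FILE_HDR.pack(MAGIC, 2, 4)             # version 2, datalink 4 = Ethernet
    for sec, usec, orig_len, data in frames:
        pad = -(REC_HDR.size + len(data)) % 4    # records end on a 4-byte boundary
        rec_len = REC_HDR.size + len(data) + pad
        out += REC_HDR.pack(orig_len, len(data), rec_len, 0, sec, usec)
        out += data + b"\x00" * pad
    return out

def summarize(blob):
    """Walk every record and total on-wire bytes vs. bytes actually stored."""
    if len(blob) < FILE_HDR.size or FILE_HDR.unpack_from(blob)[:2] != (MAGIC, 2):
        raise ValueError("not a snoop version 2 capture")
    off, wire, stored, stamps, drops = FILE_HDR.size, 0, 0, [], 0
    while off < len(blob):
        if off + REC_HDR.size > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        orig, incl, rec_len, drops, sec, usec = REC_HDR.unpack_from(blob, off)
        if rec_len < REC_HDR.size + incl or off + rec_len > len(blob):
            raise ValueError(f"corrupt record at offset {off}")
        wire, stored = wire + orig, stored + incl
        stamps.append(sec * 1_000_000 + usec)
        off += rec_len
    span_s = (max(stamps) - min(stamps)) / 1e6 if stamps else 0.0
    return {
        "packets": len(stamps), "wire_bytes": wire, "stored_bytes": stored,
        "file_bytes": len(blob), "drops": drops, "span_s": span_s,
        "wire_bps": wire * 8 / span_s if span_s else None,
        "file_bps": len(blob) * 8 / span_s if span_s else None,
    }

# Constructed frames: a minimum-size frame, a full frame, and a full frame
# truncated to 68 captured bytes (as a snap length would do).
SAMPLE = build_capture([
    (1000, 0, 60, bytes(60)),
    (1000, 500000, 1514, bytes(1514)),
    (1002, 0, 1514, bytes(68)),
])

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:13} {value}")
```

The rate is taken over the interval between the first and last record timestamps, so it describes only the traffic the capturing interface actually saw during that window.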


