public inbox for gentoo-user@lists.gentoo.org
From: Stroller <stroller@stellar.eclipse.co.uk>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Sniffing / analysis of application / wifi packets on my LAN
Date: Thu, 7 Oct 2010 10:37:03 +0100
Message-ID: <EB280CA3-FD47-4C42-991D-AA7BE563E271@stellar.eclipse.co.uk>

Hi there,

I'm interested in the activity of an application which is running on my LAN, and was wondering if anyone could offer some quick pointers on the best tools for this these days. I've played with this some years ago, but only very superficially - I think I used wireshark back then.

Ideally what I want to do is capture a big dump of the traffic over a couple of minutes (so it shouldn't be that much, right?) into a file and then analyse it afterwards based on destination IP, content &c. A couple of minutes should allow completion of at least 2 or 3 separate interactions with the server.

The network is mine, as is the device from which I'm capturing the data. I have a Belkin F5D7010 wifi card, which I think is based on a RaLink rt2x00 (rt2400 / rt2500) chipset, and I have my network's WPA key, so I think I can just set the wifi card in passive mode for sniffing. I'm pretty sure I experimented with this card in passive mode before, some years ago. Alternatively, I think I can plug the wifi access-point into my PC, bridge it to a second wired NIC and sniff what's going across the bridge (but I don't think this should be necessary).

What I'm expecting to see is some image, audio & html files &/or xml data transferred, and ideally I'd like to be able to extract it all and view it in its original format. 

There's likely to be some inevitable other activity on the wLAN whilst this is happening - I'll try to minimise this, but I think the tools should be able to filter out any crap I'm not interested in, right?

I'd prefer as much as possible to use CLI tools for capturing / analysing the data.

Thanks in advance for any quick pointers you can offer,

Stroller.
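
The "capture to a file, then analyse by destination IP" step described in the message above, as an added example that is not part of the original post: it reads a classic pcap file and totals bytes per IPv4 destination. It assumes an Ethernet link type (as a capture from the wired bridge would have, not a raw 802.11 monitor-mode capture); the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def bytes_per_destination(pcap: bytes) -> Counter:
    """Tally on-the-wire bytes per IPv4 destination in a classic pcap file."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"                      # file written by a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    (linktype,) = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:                     # 1 = Ethernet; 802.11/radiotap differ
        raise ValueError(f"unsupported link type {linktype}")
    totals, offset = Counter(), 24        # records follow the 24-byte file header
    while offset + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break                         # capture file was cut off mid-record
        offset += 16 + incl_len
        # 14-byte Ethernet header, EtherType 0x0800, then an IPv4 header
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[14] >> 4 == 4:
            totals[socket.inet_ntoa(frame[30:34])] += orig_len
    return totals

def build_sample_pcap() -> bytes:
    """Constructed sample capture: three frames sent from 192.168.1.20."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst, payload in [("203.0.113.10", b"A" * 100),
                         ("192.168.1.1", b"B" * 40),
                         ("203.0.113.10", b"C" * 60)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6,
                         0, socket.inet_aton("192.168.1.20"), socket.inet_aton(dst))
        frame = b"\x02" * 12 + b"\x08\x00" + ip + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for dst, size in bytes_per_destination(build_sample_pcap()).most_common():
        print(f"{dst:15}  {size} bytes")
```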



