>I have a basic question - Can a sniffer trace packets on different subnets ?
>If so can anybody shed some light as to which would be a better buy for
>less $$ or any free-ware software that can do the same. Any help will >be
appreciated.
As the author of a free MS-DOS sniffer, ETHLOAD, I can say:
1) it is _VERY_ easy to receive all frames on a Ethernet segment with a
_VERY_ small program
2) due to firmware implementation, it is _OFTEN_ impossible to receive all
frames on a Token Ring
3) it is _IMPOSSIBLE_ to receive frames transmitted on a Ethernet segment
which is not local (my Sniffer in Belgium cannot receive your Ethernet
frames!) or which is repeated. Obvious exceptions: if the frame is bridged
to the destination via the LAN segment where the sniffer is tapped _OR_ if
the frame is routed (IP, DECnet, ...) via the LAN segment where the sniffer
is tapped.
Please be aware, that a TCP sniffing program can be developped in about 20
hours on a PC (or TCPdump ported to another Unix in a matter of hours) and
this program can get password (telnet, ftp, rlogin, ... send password as
clear text) very _EASILY_...
Sorry, for the obviousness of the answer and comment :-)
---
Eric Vyncke, Project Leader
Siemens Nixdorf - Centre Software de Liege - Belgium
EUnet: vyncke @
csl .
sni .
be Phone: +32-41-201654 Fax: +32-41-201642
|
|
