Great Circle Associates Firewalls
(April 1996)
 


Subject: RE: PC based sniffer (Token Rings?)
From: "William Bradley Paris (Volt Comp)" <a-billp @ microsoft . com>
Date: Thu, 25 Apr 1996 09:05:40 -0700
To: "'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>, "'mulligaj'" <mulligaj @ lafvax . lafayette . edu>

There are fewer token ring cards that support Promiscuous mode than
Ethernet: i.e. the IBM chipset will not do PMode, which eliminates most
IBM & 3Com NICs.  This is somewhat historical as PMode cards allow
people to sniff the network, and IBM felt this was insecure and
inappropriate in the past.  Also, in some TR Specs there are warning
packets sent out before a card goes into PMode, and there are packets that
can force a card out of PMode.  Whether this is implemented is up to the
card manufacturer.

Search Microsoft's home page for NICs compatible with Network Monitor. 
This should give you an idea of what should work.  I would also suggest
looking at Network Monitor as your sniffer.  A reduced function version
is shipped with NT4 Betas, while the full program is available with SMS
server.  

Brad

Warning: I may be prejudiced about Netmon as I tested for a while, and my
comments reflect in no way, any policy, plans or programs of Microsoft
or my employer.
>----------
>From: 	mulligaj[SMTP:mulligaj @ lafvax . lafayette . edu]
>Sent: 	Tuesday, April 23, 1996 6:12 PM
>To: 	firewalls @ greatcircle . com
>Subject: 	RE: PC based sniffer (Token Rings?)
>
>At 07:57 PM 04/23/96, you wrote:
>>>| I've seen responses for ethernet sniffers, is there any software available
>>>| for sniffing your SLIP/PPP dial connection?  I'm using ShivaPPP ndis dialer
>>>| and its trace features are pretty limited - can count IP pkts, but can't
>>>| see inside them.
>
>Is it any different to sniff on a token ring system than it is to sniff on an
>ethernet?  I know the theory behind each is different, but would the same
>software work?
>
>If not... could someone suggest PC based Token Ring (IBM) sniffers?
>
>Thanks.
>John
>
>_________________________________________________________
>John P. Mulligan <mulligaj @ lafayette . edu>
>PGP PUBLIC KEY available at  http://www.lafayette.edu/~mulligaj
>_________________________________________________________
>"Perhaps you think your Email is legitimate enough that encryption is
>unwarranted. If you really are a law-abiding citizen with nothing to hide,
>then why don't you always send your paper mail on postcards? ... Are
>you trying to hide something?"   --- Pretty Good Privacy (PGP) Manual
>
>
