Nov 7th 2016
Know How... 259
Networking Part 2
How to tap your network and monitor traffic!
We show you how to see what data is traveling over the network, and the different hardware to help you with networking at home or at school!
MidBit Technologies: SharkTap Gigabit Ethernet Sniffer
- Will do 10/100/1000
- PoE Passthrough
- 350mA draw at 5 volts (USB powered)
- Auto-MDIX
- Aggregates both sides of the conversation to the receive port on the tap
-- (This DOES mean that if the total aggregate bandwidth exceeds 1Gbps, packets will drop)
- Drops any packets going into the Tap port
Step 1: Get a Tapping device
- Gig, 10/100, aggregating, tap, hub, SPAN/Mirror port
- See episode 63 of “Know How”
- Padre prefers the Netoptics Gig Zero Delay Tap – But that runs $700-$1000 USED!
- A much more affordable option is the “Throwing Star LAN Tap Pro” from the HakShop - $39.99
- But my new AFFORDABLE favorite is the SharkTap
Step 2: Get a device capable of receiving the tap data stream
- Anything with a WIRED port that is capable of receiving the full speed of your chosen tap
- USB adapters are fine but remember that USB 2.0 devices top out at 480Mbps. If you’re using a Gig tap, you’ll drop traffic once the pipe is less than half full.
Step 3: Get Wireshark (www.wireshark.org)
- Mac/PC/Linux – 32/64bit – Choose the version that is right for you.
Step 4: Choose where to place your tap
- The tap will capture the traffic going between the two devices on either side of the tap.
- Tapping the external link will give you traffic from ALL devices on your network.
- Tapping the Wireless AP will give you ONLY the devices connected wirelessly
- Tapping a specific desktop/laptop/set-top box will give you ONLY that traffic
Step 5: Capture
Step 6: Analyze
Looking for Outgoing Streams: Are you a Spambot?
- Filter for SMTP: Look for SMTP packets when your computer is supposedly idle
- Filter for DNS: look for sites you don't recognize.
Looking for "Top Talkers"
- Statistics – "Conversations" – "IPv4"
- Click "Bytes" to sort by Top Talkers
You can see the origin and destination of your traffic
Looking for Usernames/Passwords in the clear
- In the "Filter" field, type: tcp contains "username"
This will give you all the packets that contain the string "username" in the clear
Looking for Network Congestion
- In the "Filter" field, type: tcp.analysis.retransmission
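The "Top Talkers" and spambot checks above can also be scripted against a saved capture. The Python script below is an added example, not part of the original show notes: it reads a classic pcap file, totals bytes per IPv4 conversation, and lists hosts that sent traffic to TCP port 25. The sample capture is constructed inside the script, and make_frame, build_pcap and analyze are names chosen for this example.

```python
import struct
from collections import Counter

def make_frame(src, dst, dport, payload_len):
    """Build one constructed Ethernet/IPv4/TCP frame (sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * payload_len

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def analyze(pcap):
    """Return (bytes per IPv4 conversation, hosts that sent to TCP port 25)."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    convs, smtp_senders, off = Counter(), set(), 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack_from("<IIII", pcap, off)
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4 (or VLAN-tagged/truncated): outside this example
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        convs[tuple(sorted((src, dst)))] += orig  # both directions, one conversation
        l4 = 14 + (pkt[14] & 0x0F) * 4            # start of TCP header
        if pkt[23] == 6 and len(pkt) >= l4 + 4:
            if struct.unpack_from("!H", pkt, l4 + 2)[0] == 25:
                smtp_senders.add(src)
    return convs, smtp_senders

# Constructed sample capture; addresses come from documentation ranges.
SAMPLE = build_pcap([
    make_frame("192.0.2.10", "198.51.100.5", 443, 1000),
    make_frame("198.51.100.5", "192.0.2.10", 443, 400),
    make_frame("192.0.2.23", "203.0.113.9", 25, 200),
])

if __name__ == "__main__":
    convs, smtp = analyze(SAMPLE)
    for pair, size in convs.most_common():  # top talkers first
        print(pair, size)
    print("hosts sending SMTP:", sorted(smtp))
```

To run it on your own capture, save the capture from Wireshark in the classic pcap format (not pcapng) and pass the file's bytes to analyze.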