
ngSniff

ngSniff is a little less robust than WinDump/tcpdump, but it can be very handy to have in your network toolkit. The primary asset of ngSniff is that if you are using Windows 2000, Windows XP, or Windows Server 2003, you don't need to install any drivers to start capturing traffic. This makes it a much more attractive candidate when you need some quick insight into what is occurring on the network but don't want to run any setup programs or alter the drivers. If you type ngSniff with no options, it shows the help screen with all the options ngSniff accepts. ngSniff -list-interfaces lists the available interfaces. To limit sniffing to traffic to or from lab2003, you can enter ngSniff -interface 0 -only-host lab2003. Here is a sample capture of an SNMP message from 192.168.1.104 to 192.168.1.99.

IP HEADER 192.168.1.104 -> 192.168.1.99
------------------------------------------
IP->version: 4
IP->ihl: 5
IP->tos: 0
IP->tot_len: 77
IP->id: 20699
IP->frag_off: 0
IP->ttl: 128
IP->protocol: 17
IP->checksum: 13275

UDP HEADER
----------
UDP->sport: 4337
UDP->dport: 161
UDP->ulen: 57
UDP->checksum: 48040

----- Begin of data dump -----
30 2f 02 01 00 04 09 74 65 73 74 77 72 69 74 65  0/.....testwrite
a0 1f 02 03 00 ee 18 02 01 00 02 01 00 30 12 30  .............0.0
10 06 0c 2b 06 01 04 01 cb 00 01 01 02 03 00 05  ...+............
00                                               .
----- End of data dump -----
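
The data dump above is a BER-encoded SNMP message, and its community string (testwrite) is readable in the ASCII column because community-based SNMP sends it in cleartext. The following Python sketch is an added example, not part of the original text and not ngSniff code; it decodes the payload bytes copied from the dump, and the function names are assumptions chosen for illustration.

```python
# Added example (not ngSniff code); function names are illustrative assumptions.
DUMP = """
30 2f 02 01 00 04 09 74 65 73 74 77 72 69 74 65
a0 1f 02 03 00 ee 18 02 01 00 02 01 00 30 12 30
10 06 0c 2b 06 01 04 01 cb 00 01 01 02 03 00 05
00
"""
PAYLOAD = bytes.fromhex("".join(DUMP.split()))  # hex column copied from the dump
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode a BER OBJECT IDENTIFIER body into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)  # base 128; high bit means "more follows"
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmp(payload):
    """Parse a community-based SNMP message and return its first varbind's OID."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, request_id, pos = read_tlv(pdu, 0)
    pos = read_tlv(pdu, read_tlv(pdu, pos)[2])[2]  # skip error-status, error-index
    _, varbinds, _ = read_tlv(pdu, pos)
    _, varbind, _ = read_tlv(varbinds, 0)
    _, oid, _ = read_tlv(varbind, 0)
    return {"version": int.from_bytes(version, "big"),  # 0 means SNMPv1
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(request_id, "big"), "oid": decode_oid(oid)}
print(parse_snmp(PAYLOAD))
```

The 49 payload bytes plus the 8-byte UDP header match UDP->ulen: 57, and adding the 20-byte IP header (ihl 5) gives IP->tot_len: 77.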

Because it can be used without any installation, ngSniff should have a place in your networking toolkit. I have seen it used on production systems where installing anything would not have been desirable during business hours, but we could run ngSniff from a USB pen drive, see what was happening with the application, and resolve the issue very quickly. If you would like a basic GUI sniffer that does not require any installation (on Windows 2000 or newer systems), you can also try SmartSniff from www.nirsoft.net/utils/smsniff.html or IP Sniffer (part of the IP Tools package) from http://erwan.l.free.fr/.
