User's guide

(C) 2003 Airscanner Corp. http://www.airscanner.com
Installation of a sniffer on Linux usually requires no extra drivers other than those required
for normal operation. The only exceptions to this are wireless sniffers, which require patches or
a special driver. Ensure you read the sniffer’s documentation before installation to avoid hours
of frustration.
2.1.4 Promiscuous Mode
When a network card is manufactured, it is assigned a unique identifier known as a Media
Access Control (MAC) address. Since this address is supposed to be unique, it serves as one of
the fundamental methods by which data is transmitted over a network. While there are many
other communication protocols that sit on top of the MAC address to help with data flow, the
MAC address is used in the first and last leg of the transmission process. The MAC address
matters here because it indirectly determines what data a sniffer can access.
When a network card is operating normally, it actually scans each packet of data traveling
over the network to see if any of the data is labeled with its MAC address. If there is a match,
the data is passed up to the next layer in the protocol stack, and ultimately to the program to
which it was sent. However, if the packet is not addressed to the NIC, it will be ignored.
Since the sniffer software actually operates above the hardware layer of the communication
stack, it will only receive data that was sent to the computer on which it is operating. In other
words, the sniffer will only see local data. While this level of access can be helpful in some
situations, the limited access will restrict most troubleshooting efforts. However, this is where
promiscuous mode comes into play.
When a network card is placed in promiscuous mode, it will accept ALL data passed on the
wire to which it is connected, regardless of any MAC address. However, there are still some
obstacles a sniffer must overcome to gain access to network traffic. This includes additional
support for wireless data, which uses radio waves to pass data, and limitations due to networking
technology.
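As an added illustration, not part of the Airscanner guide, the following Python script models the MAC-address filter just described on a few constructed Ethernet II frames: in normal mode only frames addressed to the host's own MAC (plus broadcast and multicast) reach the sniffer, while in promiscuous mode the NIC passes up every frame on the shared wire. The host names, MAC values and frames are assumptions built for the example.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

def parse_ethernet(frame: bytes):
    """Split a raw Ethernet II frame into (dst_mac, src_mac, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]

def build_frame(dst: bytes, src: bytes, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    return struct.pack("!6s6sH", dst, src, ethertype) + payload  # only builds sample traffic

def fmt_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def nic_accepts(frame: bytes, own_mac: bytes, promiscuous: bool = False) -> bool:
    """Model the hardware filter: in normal mode a NIC passes up only frames whose
    destination is its own MAC, broadcast, or multicast (low bit of the first octet;
    real NICs restrict multicast further). In promiscuous mode it accepts every frame."""
    dst, _, _, _ = parse_ethernet(frame)
    if promiscuous:
        return True
    return dst == own_mac or dst == BROADCAST or bool(dst[0] & 0x01)

def sniff(wire: list, own_mac: bytes, promiscuous: bool) -> list:
    """Frames (as dst, src MAC strings) a sniffer on the host with own_mac would see."""
    seen = []
    for frame in wire:
        if nic_accepts(frame, own_mac, promiscuous):
            dst, src, _, _ = parse_ethernet(frame)
            seen.append((fmt_mac(dst), fmt_mac(src)))
    return seen

# Constructed sample traffic on a shared (hubbed) segment with three hosts A, B, C.
MAC_A = bytes.fromhex("020000000001")   # the sniffer host (locally administered MACs)
MAC_B = bytes.fromhex("020000000002")
MAC_C = bytes.fromhex("020000000003")
WIRE = [
    build_frame(MAC_A, MAC_B, payload=b"B -> A, addressed to us"),
    build_frame(MAC_C, MAC_B, payload=b"B -> C, not ours"),
    build_frame(MAC_B, MAC_C, payload=b"C -> B, not ours"),
    build_frame(BROADCAST, MAC_C, payload=b"broadcast from C"),
]

if __name__ == "__main__":
    print("normal mode:     ", sniff(WIRE, MAC_A, promiscuous=False))
    print("promiscuous mode:", sniff(WIRE, MAC_A, promiscuous=True))
```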
2.2 Switches and Hubs
Within any local area network you will find network hubs and/or switches. These devices
are very similar in appearance, and on the surface perform the same duties. However, once you
look at how these devices work, you will quickly see that they are inherently different devices.
A hub is a very simple passive device that receives data on one port and distributes it to
all the other ports. It does not examine or care what data passes through it, nor does it care where
the data ends up. Hubs have been inexpensive for a long time because of their relative lack of
"intelligence" (intelligence requires more circuitry and programming), but they are often slower
and can produce overload conditions when three or more hubs are connected together, because all
data is passed to the entire network. Although this can cause bottlenecks and network saturation, a
hubbed network is the best type of network in which to place a sniffer. Since hubs do not restrict
data in any way, a sniffer will have access to ALL the data flowing across the wires and through
the hub.