User's guide

(C) 2003 Airscanner Corp. http://www.airscanner.com
As a result, many sniffers have incorporated filters to control the amount and type of data that is
collected and/or analyzed. If a sniffer uses a filter, data analysis can be narrowed down to just the
information that is relevant to the job. In addition, if the filter is a pre-capture filter, it can
significantly reduce the amount of irrelevant data that is captured, saving time and resources that
become heavily taxed when collecting data over a long period.
There are many variations of filters available, each expressed in a filtering language. These
languages can be proprietary or based on a standard filter language, such as OFDM (Open Filter
Definition Language). Regardless of the technical details of the filtering language, most filters are
very similar in appearance and easy to understand. The following shows two filters, one from
Ethereal, the most common free sniffer available, and the other written in the OFDM language.
Ethereal
udp.srcport == 67 or udp.srcport == 68 or udp.dstport == 67 or udp.dstport == 68
OFDM
(udpport(src) == 67 || udpport(dest) == 67 || udpport(src) == 68 || udpport(dest) == 68)
As this illustrates, filtering languages are basically a series of conditional statements. This
example keeps only DHCP traffic, which can be recognized by its use of the UDP protocol with
port 67 or 68 as the source or destination port.
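To make the conditional logic of the DHCP filter above concrete, here is an added example (not part of the original guide) that parses minimal IPv4/UDP headers and applies the same "UDP and port 67 or 68 in either direction" test as a post-capture filter. The sample packets are constructed inline, not captured from a network.

```python
import struct

# Constructed sample packets: a 20-byte IPv4 header followed by an 8-byte UDP
# header, no Ethernet frame and no payload. Built here only to exercise the filter.
def build_ipv4_udp(src_ip, dst_ip, sport, dport, proto=17):
    """Build a minimal IPv4 header plus a UDP header (proto 17 = UDP)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + udp

def parse(pkt):
    """Return (ip_protocol, src_port, dst_port); ports are None unless UDP."""
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes from the IHL field
    proto = pkt[9]                     # protocol field of the IPv4 header
    if proto != 17:
        return proto, None, None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, sport, dport

def is_dhcp(pkt):
    """The DHCP filter from the text as code: UDP, and port 67 or 68 on either side."""
    proto, sport, dport = parse(pkt)
    return proto == 17 and (sport in (67, 68) or dport in (67, 68))

def apply_filter(packets, predicate=is_dhcp):
    """Post-capture filtering: keep only packets for which the predicate holds."""
    return [p for p in packets if predicate(p)]

# Constructed capture: two DHCP packets, one DNS query, one TCP segment.
SAMPLE = [
    build_ipv4_udp("0.0.0.0", "255.255.255.255", 68, 67),          # DHCP discover
    build_ipv4_udp("192.168.1.1", "192.168.1.50", 67, 68),         # DHCP offer
    build_ipv4_udp("192.168.1.50", "192.168.1.1", 53412, 53),      # DNS, not DHCP
    build_ipv4_udp("192.168.1.50", "192.168.1.1", 40000, 80, 6),   # TCP, not UDP
]

if __name__ == "__main__":
    for p in apply_filter(SAMPLE):
        print("DHCP packet:", parse(p))
```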
2.5 The right sniffer for the job
The quality of a sniffer is directly related to the information it can provide to its user. For
example, many hackers consider dsniff to be one of the best sniffers available. This is not
because dsniff captures any better than Ethereal, which is at the top of the list for many
professionals; instead, it is because dsniff incorporates extra features, such as a built-in password
sniffer, ARP spoofing technology, and more. These small additions make the program more
streamlined if collecting passwords is your goal. On the other hand, some troubleshooting will
require an expensive all-in-one hardware/software sniffer package. These devices, which would be
overkill for a small network, can collect gigabytes of data and never miss a packet.
In addition to landline sniffers, the introduction of wireless networks has created a whole new
niche of sniffers. Due to the unique physical and technical properties of WLANs, the quality or
functionality of a sniffer is tied to how well it can be integrated into an existing wireless network.
Some sniffers will only capture packets from WLANs to which they are associated, while others
can capture data on all operating networks within their physical proximity. For an 802.11b
network, this is because up to 14 different channels are available for transmitting data. As a result,
it is possible to have up to four different and totally separate WLANs in the same general area
(several channels are used per network). To collect data from all local wireless networks, the
wireless device on which the sniffer is operating would have to operate in a passive mode. While
this would allow it to capture all data, the device would not be able to connect to any existing
wireless network. In other words, it would be continuously jumping channels, which is similar to
jumping networks several times a second. Due to the