Network sniffing

From LQWiki

Network sniffing is scanning the communication on a network for either diagnostic or malicious reasons. Benign cases are also known as network monitoring; malicious cases are more likely called packet sniffing.

Example

To get to know your HTTP server a bit better, you could use netcat to send it a request and read the raw response:

bob:~ # netcat localhost 80
GET /index.htm HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.7 (like Gecko)
Accept: text/html, image/jpeg, image/png, text/*, image/*, */*
Accept-Encoding: x-gzip, x-deflate, gzip, deflate
Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5
Accept-Language: en
Host: localhost:8000
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Sun, 15 Jul 2007 23:38:10 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Last-Modified: Sun, 15 Jul 2007 23:12:19 GMT
ETag: "28c014-6-79cfdac0"
Accept-Ranges: bytes
Content-Length: 6
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

hallo
bob:~ #

Or, for example, if you want to know what MediaWiki sends to the server, point your browser to MediaWiki, stop Apache, start

netcat -l -p 80

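and change a page in MediaWiki. With Apache stopped, netcat accepts the browser's connection on port 80 and prints the raw request.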
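
The same one-shot capture as the netcat listener above, written as an added Python example (not part of the original page). It also reads the POST body according to Content-Length and answers the browser so it does not hang. The function names, the loopback address and port 8080 (chosen so no root is needed) are assumptions.

```python
import socket

def read_request(conn):
    """Read one HTTP request from a connected socket.
    Returns (request_line, headers, body)."""
    buf = b""
    while b"\r\n\r\n" not in buf:      # headers end at the first blank line
        chunk = conn.recv(4096)
        if not chunk:                  # peer closed before finishing the headers
            break
        buf += chunk
    head, _, body = buf.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # A form POST (such as a wiki edit) carries its payload after the headers.
    try:
        want = int(headers.get("content-length", "0"))
    except ValueError:
        want = 0
    while len(body) < want:
        chunk = conn.recv(4096)
        if not chunk:
            break
        body += chunk
    return lines[0], headers, body[:want]

def capture_one(port=8080, host="127.0.0.1"):
    """Accept a single connection, as `netcat -l -p PORT` does, and parse it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, _ = srv.accept()
        with conn:
            request = read_request(conn)
            # Reply so the browser gets an answer (bare netcat sends nothing).
            conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")
            return request

if __name__ == "__main__":
    line, headers, body = capture_one()
    print(line)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print("\n" + body.decode("iso-8859-1"))
```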

See also