- We usually detect network activity by being connected
to the network of interest
- Sometimes, as with wireless, you can monitor without
being connected. (Wired networks, even fiber optic, can be
monitored surreptitiously with sensitive equipment and patience,
but physical proximity to the network is still necessary.)
- What simple approaches can limit the danger of network monitoring
or interception?
Tools
- ifconfig (try ifconfig -a, which also lists interfaces that are
down) gives basic information about a Unix system's network
interfaces, including whether one has been put into promiscuous mode
(the PROMISC flag). ipconfig /all is the Windows equivalent.
- netstat lists open ports (netstat -an) and per-interface and
per-protocol packet statistics (netstat -i, netstat -s).
- tcpdump (free software, installed by default on many Linux
systems) captures packets from a network interface and decodes their
headers; a filter expression selects by protocol, host, port,
etc. Payload bytes are only shown when asked for (-X for hex and
ASCII, -A for ASCII).
- tcpdump by itself does not put sessions back together. tcpdstat
(Dave Dittrich's version; the original is from Japan) reads a tcpdump
capture file and reports a per-protocol breakdown of the traffic,
which is useful for spotting unexpected protocols. To reassemble
sessions from packets or search their contents for strings (such as
cleartext passwords), use a stream reassembler such as tcpflow.
(Neither tcpdstat version is quite complete for a Linux system...)
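The session reassembly and string search described above, as an added example that is not part of the original page and not code from tcpdump, tcpdstat or tcpflow: a minimal pcap reader that extracts TCP segments, reorders them by sequence number per flow, and scans the reassembled streams for cleartext login lines. The capture it works on is constructed inline (a fake POP3 login with the password line split across two out-of-order segments); the IP and TCP checksums in it are left zero because the parser does not verify them, and the credential markers it searches for are a hypothetical list, not a standard.

```python
import struct
from collections import defaultdict

# --- constructed sample capture (not from the page) -----------------------
def _frame(src, dst, sport, dport, seq, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums left zero (not verified)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_sample_pcap():
    """pcap file (DLT_EN10MB) with a fake POP3 login; segments 2 and 3 swapped."""
    frames = [
        _frame("10.0.0.5", "10.0.0.9", 40000, 110, 100, b"USER alice\r\n"),
        _frame("10.0.0.5", "10.0.0.9", 40000, 110, 117, b"hunter2\r\n"),  # arrives early
        _frame("10.0.0.5", "10.0.0.9", 40000, 110, 112, b"PASS "),
        _frame("10.0.0.9", "10.0.0.5", 110, 40000, 500, b"+OK Logged in.\r\n"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

# --- pcap parsing ---------------------------------------------------------
def parse_pcap(data):
    """Yield raw link-layer frames from a classic (non-pcapng) pcap file."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[struct.unpack("<I", data[:4])[0]]
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def tcp_segment(frame):
    """Return ((src, sport, dst, dport), seq, payload) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4
    return (src, sport, dst, dport), seq, tcp[doff:]

# --- reassembly and search ------------------------------------------------
def reassemble_tcp(pcap_bytes):
    """Map each unidirectional flow to its payload, reordered by sequence number.
    Overlapping bytes (retransmissions) are trimmed; gaps are not padded."""
    flows = defaultdict(list)
    for frame in parse_pcap(pcap_bytes):
        seg = tcp_segment(frame)
        if seg and seg[2]:
            flows[seg[0]].append((seg[1], seg[2]))
    streams = {}
    for key, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        data, next_seq = b"", segs[0][0]
        for seq, payload in segs:
            if seq + len(payload) <= next_seq:
                continue                       # pure retransmission, already have it
            if seq < next_seq:
                payload = payload[next_seq - seq:]   # partial overlap
            data += payload
            next_seq = seq + len(payload)
        streams[key] = data
    return streams

CREDENTIAL_MARKERS = (b"USER ", b"PASS ", b"LOGIN ")   # hypothetical watch list

def find_credentials(streams):
    """Return (flow, line) pairs for lines that look like cleartext logins."""
    hits = []
    for key, data in streams.items():
        for line in data.split(b"\r\n"):
            if line.startswith(CREDENTIAL_MARKERS):
                hits.append((key, line.decode("ascii", "replace")))
    return hits

if __name__ == "__main__":
    for flow, line in find_credentials(reassemble_tcp(build_sample_pcap())):
        print("%s:%d -> %s:%d  %s" % (flow + (line,)))
```

The point of the out-of-order segment in the sample is that a plain line-by-line search over tcpdump output would see "PASS " and "hunter2" in separate packets and miss the password; only after reordering by sequence number does the full line appear. Swap `build_sample_pcap()` for `open("capture.pcap", "rb").read()` to run it on a real tcpdump -w file (classic pcap only, not pcapng).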