Tuesday, December 4, 2007

Using My Eee as a Packet Sniffer/Analyzer

My day job involves doing information/network security checks for the company I work for (and its subsidiaries).  As an information security professional, one of the "tools of the trade" in my profession is a network sniffer.  After a bit of sniffing around (pun intended) I discovered that I can install one of my favorite network sniffing tools on my Eee PC -- Wireshark (formerly known as Ethereal).

Installing Wireshark on my Eee PC, however, is not a point-and-click affair.  Here's what I did to install Wireshark on my Eee.
  • Add the standard Debian repository to the Synaptic Package Manager (http://ftp.us.debian.org/debian stable main non-free contrib)
  • Open a Terminal (Ctrl+Alt+T in Easy Mode, or run Applications --> System --> Console from Advanced Mode)
  • From the terminal, type "sudo apt-get install wireshark" to start the download and install process for Wireshark.  Should the installation process get interrupted, issue the "sudo apt-get install wireshark" command again to continue/finish the installation.
  • Once the installation is complete, run the program by typing "sudo /usr/bin/wireshark" from the Terminal.  If you're running in Advanced Mode, Wireshark can be found under Applications --> Internet --> Wireshark.
If you want to sniff Wi-Fi packets, choose ath0 as your interface; for wired Ethernet packets, choose eth0.
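The repository and install steps above, as an added shell script that is not part of the original post. It writes the sources.list line in the form given here, skips the line if it is already present (so re-running the script is safe), and re-issues the install command if a download is interrupted, as the post advises. It assumes a Debian-style /etc/apt/sources.list and apt-get, and only touches the system when run as root with the argument "apply" (the script name and the "apply" switch are my own choices).

```shell
#!/bin/sh
# Added example, not from the original post. Scripts the repository +
# install steps so they can be repeated safely on the Eee.

# Build the sources.list entry in the form the post uses.
repo_line() {
    printf 'deb %s stable main contrib non-free\n' "$1"
}

# Accept only http:// or ftp:// mirror URLs (the two forms mentioned).
valid_mirror() {
    case "$1" in
        http://*/*|ftp://*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Append the entry to file $1 for mirror $2 unless an identical line is
# already there, so repeated runs do not pile up duplicate repo lines.
ensure_repo() {
    file=$1; mirror=$2
    valid_mirror "$mirror" || { echo "bad mirror URL: $mirror" >&2; return 1; }
    line=$(repo_line "$mirror")
    touch "$file"
    grep -qxF "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Install only the wireshark package, retrying if the download is cut
# off (the post says to simply re-issue the command). Deliberately no
# "apt-get upgrade": the comment below warns that kernel-dependent
# modules may break on Xandros.
install_wireshark() {
    n=0
    while [ "$n" -lt 3 ]; do
        apt-get install -y wireshark && return 0
        n=$((n + 1))
        echo "install attempt $n failed, retrying" >&2
    done
    return 1
}

# Only modify the real system when explicitly asked:
#   sudo sh eee-wireshark.sh apply [mirror-url]
if [ "${1:-}" = "apply" ]; then
    ensure_repo /etc/apt/sources.list "${2:-http://ftp.us.debian.org/debian}"
    apt-get update
    install_wireshark
fi
```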

That's it! Happy sniffing!


2 comments:

fang said...

Thanks for the info! Could you please add the procedure to add the Debian ftp site to the package manager?

Budi Wins said...

taken from (http://wiki.eeeuser.com/howto:adddebianfeeds)
________________________________________________

Adding a Debian Repository

As Xandros is based upon the debian kernel a lot of additional software packages can be downloaded from the debian feeds. Adding the debian feeds is simple:

1. start eeePC
2. get a shell by typing ctrl-alt-T
3. become superuser by typing sudo su -
4. browse to http://www.debian.org/mirror/mirrors_full and select a mirror near to you. You might want to use netselect to find which one has the best connectivity but netselect is outside the scope of this post. Also apt-spy might be usable.
5. Use VI as your text editor. http://users.tkk.fi/~thyle/vi_opas.html has a nice tutorial to get you started.
6. edit /etc/apt/sources.list (vi /etc/apt/sources.list) and add the following line:
deb {your mirror goes here} stable main contrib non-free
As I am in NL I entered ftp://ftp.nl.debian.org/debian at the place where it says {your mirror goes here}, but if you are not in NL you should find a closer mirror (could also be an http mirror)
7. run apt-get update. This will update the package lists. (BTW, I use apt-get from the command line; you might also try synaptic)

Note: kernel-dependent modules probably do not work. Therefore it is probably also not a good idea to run commands like "apt-get upgrade". The article at Adding Xandros Repositories has instructions about making this much safer.