Network sniffing: using Sniffer to monitor network traffic

Source: Internet
Author: User

Internet cafe sniffing

As the Internet has grown more layered and diverse, Internet cafes have moved beyond simple applications such as instant messaging, Web browsing, and email to running large numbers of online games, online video and audio, interactive teaching, and P2P applications. Application behavior has also become more diverse and complex. These applications therefore place more stringent demands on the quality of network service.

Currently, most Internet cafes do not have high-end network equipment with intelligence, interactivity, and scalability. When a cafe suffers dropped connections, network card problems, internal virus attacks, or traffic exceeding its limit, many network administrators are powerless. Relying on an administrator's experience and a few simple traditional troubleshooting methods is slow and inaccurate, and it hurts work efficiency and normal business operation.

Sniffer Pro is a well-known network protocol analyzer. This article uses its powerful graphical traffic view, the Host Table, to monitor network traffic in real time. For monitoring software we chose the widely used Sniffer Pro from NAI. Many Internet cafe administrators already have some experience with network monitoring: when there is a network problem, or when they want to examine network conditions, they use P2P Terminator, Cyber Law Enforcement, and other network monitoring software. Such software has one major advantage: you can query traffic without configuring port mirroring (in fact, Sniffer Pro can also work in this environment). This seemingly quick method has many drawbacks. It works by ARP spoofing, that is, by falsifying entries in ARP address tables, which can cause many side effects, such as dropped connections, network slowdown, and surges of ARP broadcasts. That is unthinkable on a normal network.

Here we use software to solve network problems that previously could only be solved by upgrading to high-end devices. For many administrators this will be a dream come true.

Hardware environment (Internet cafe):

M network environment with 92 terminals. The main switch is a D-Link (youxun) DES-3226S Layer 2 switch (supports port mirroring), cascaded to ordinary unmanaged ("dumb") switches. Access is over 10 M optical fiber, with a Huawei 2620 as the access gateway.

Software environment:

Windows Server Enterprise Standard Edition (Sniffer Pro 4.6 and later versions support Windows XP and Windows 2003) and NAI's protocol analysis software, Sniffer Portable 4.7.5 (for testing, this article uses a version that is easily downloaded from the Internet).

Environment requirements:

1. To monitor network-wide traffic, install Sniffer Portable 4.7.5 (Sniffer Pro) on a terminal computer whose NIC is connected to the mirror port of the main switch. (Sniffer monitors all data flowing through this NIC.)
2. Sniffer Pro 4.7.5 only supports 10 M, 100 M, and 10/100 M NICs. For 4.8 M NICs, install the SP5 patch or a later version.

Network Topology:

Purpose: to detect faults in the network environment (abnormal behavior such as viruses, attacks, and traffic overruns) through real-time monitoring with Sniffer Pro. In the networks of many enterprises and Internet cafes, the gateway (a router or proxy, for example) has no traffic monitoring or query functions, and the approach in this article is a good solution in that situation. Sniffer Pro's functions include real-time query of the traffic of any terminal in the network, real-time query of the traffic between terminals, a TOP ranking of terminals by traffic, and exception warnings. After capturing packets, Sniffer Pro's expert analysis system also helps us examine them further so that we can better analyze and resolve network exceptions.
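
As an added illustration (not part of the original article and not Sniffer Pro's own code), the Python example below computes the per-host and host-pair byte totals, top ranking, and threshold warning described above from frames seen on a mirror port. It also counts ARP broadcasts per MAC, the symptom mentioned earlier for ARP-based tools. The frames, addresses, and thresholds are constructed sample values, and untagged Ethernet II framing is assumed.

```python
import struct
from collections import Counter

ETH_IPV4, ETH_ARP, BROADCAST = 0x0800, 0x0806, b"\xff" * 6

def host_table(frames):
    """Return (bytes per IP, bytes per (src, dst) pair, ARP broadcasts per MAC)."""
    per_host, per_pair, arp_bcast = Counter(), Counter(), Counter()
    for f in frames:
        if len(f) < 14:
            continue  # truncated Ethernet header
        dst, src = f[0:6], f[6:12]
        (ethertype,) = struct.unpack("!H", f[12:14])
        if ethertype == ETH_ARP and dst == BROADCAST:
            arp_bcast[src.hex(":")] += 1
        elif ethertype == ETH_IPV4 and len(f) >= 34:
            # IPv4 source/destination sit at offsets 12 and 16 of the IP header
            src_ip = ".".join(map(str, f[26:30]))
            dst_ip = ".".join(map(str, f[30:34]))
            per_host[src_ip] += len(f)   # bytes sent
            per_host[dst_ip] += len(f)   # bytes received
            per_pair[(src_ip, dst_ip)] += len(f)
    return per_host, per_pair, arp_bcast

def over_limit(counter, limit):
    """Keys whose count exceeds the alert threshold (an assumed value)."""
    return sorted(k for k, v in counter.items() if v > limit)

# --- Constructed sample frames (not captured traffic) ---
def ip_frame(src_mac, dst_mac, src_ip, dst_ip, payload_len):
    ip = (bytes([0x45, 0]) + struct.pack("!H", 20 + payload_len) + bytes(8)
          + bytes(map(int, src_ip.split("."))) + bytes(map(int, dst_ip.split("."))))
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + ip + bytes(payload_len)

GW, PC11, PC12, PC13 = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 11, 12, 13))
SAMPLE = (
    [ip_frame(PC11, GW, "192.168.0.11", "192.168.0.1", 1000)] * 3
    + [ip_frame(PC12, GW, "192.168.0.12", "192.168.0.1", 100)]
    + [BROADCAST + PC13 + struct.pack("!H", ETH_ARP) + bytes(28)] * 5
)

if __name__ == "__main__":
    hosts, pairs, arps = host_table(SAMPLE)
    print("Top hosts by bytes:", hosts.most_common(3))
    print("Busiest pair:", pairs.most_common(1))
    print("Hosts over 3000 bytes:", over_limit(hosts, 3000))
    print("MACs over 3 ARP broadcasts:", over_limit(arps, 3))
```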
