User's guide
(C) 2003 Airscanner Corp. http://www.airscanner.com
The following example filter could be used to monitor all HTTP requests coming from one
IP address. This filter could be used to passively monitor a suspect to see if they are using a
company WLAN to access pornography:
Source IP is 192.168.1.10 AND Destination Port is 80
Note: Unless you are a law enforcement officer with a proper warrant, we do not
recommend spying on your users. It is unethical and can be illegal, even if the employee is using
your company network and even if you have a strict usage policy.
To set up this filter, select 'Source IP Address' from the top filter group, leave the condition
as 'IS', and enter the IP address '192.168.1.10' in the value field. Then select 'AND' from the
middle condition menu and select the 'Destination Port' from the lower filter group menu. Select
'IS', and enter the port number '80' in the value box.
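The same two-condition filter applied offline to raw Ethernet frames, as an added example that is not part of the Airscanner product or this guide's original text. The function names and the sample frames are constructed for illustration, and only IPv4/TCP frames are considered:

```python
import socket
import struct

def parse_frame(frame):
    """Return (src_ip, dst_ip, src_port, dst_port) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                          # truncated, or EtherType is not IPv4
    ihl = (frame[14] & 0x0F) * 4             # IP header length; options make it > 20
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                          # bad version/length, or protocol is not TCP
    tcp = 14 + ihl                           # TCP header starts after the IP options
    if len(frame) < tcp + 4:
        return None
    src_port, dst_port = struct.unpack("!HH", frame[tcp:tcp + 4])
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            src_port, dst_port)

def matches(frame, source_ip="192.168.1.10", dest_port=80):
    """Source IP IS source_ip AND Destination Port IS dest_port."""
    fields = parse_frame(frame)
    return fields is not None and fields[0] == source_ip and fields[3] == dest_port

def build_frame(src_ip, dst_ip, src_port, dst_port, ip_options=b""):
    """Constructed test frame: zeroed MACs and checksums, just enough to parse."""
    ihl_words = 5 + len(ip_options) // 4
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, ihl_words * 4 + 20,
                     0, 0, 64, 6, 0, socket.inet_aton(src_ip),
                     socket.inet_aton(dst_ip)) + ip_options
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return eth + ip + tcp

# Constructed sample traffic (addresses other than 192.168.1.10 are made up).
SAMPLES = [
    build_frame("192.168.1.10", "10.0.0.5", 40000, 80),                # match
    build_frame("192.168.1.10", "10.0.0.5", 40001, 80, b"\x01" * 4),   # match, IP options
    build_frame("10.0.0.5", "192.168.1.10", 80, 40000),                # reply: no match
    build_frame("192.168.1.10", "10.0.0.5", 40002, 443),               # other port
    build_frame("192.168.1.11", "10.0.0.5", 40003, 80),                # other host
    b"\x00" * 20,                                                       # truncated
]

def matching_indexes(frames):
    """Indexes of the frames that satisfy both filter conditions."""
    return [i for i, f in enumerate(frames) if matches(f)]

if __name__ == "__main__":
    print(matching_indexes(SAMPLES))
```

The second sample carries IP options, so a parser that assumed a fixed 20-byte IP header would read the wrong bytes as the destination port.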
3.1.7 Summary
Filtering is a very valuable aspect of any sniffer. For this reason we included a simple, but
useful, filtering module in Airscanner Mobile Sniffer™. If used, this filter will allow you to
focus on the data that matters. This will reduce the time you spend looking through the data, will
reduce the wasted space filled with useless data, and will allow you to collect only data that
matters to you. In addition, since this data is captured in Ethereal format, you can easily export it
and analyze it much more intensely on your desktop.
3.2 Ethereal
URL: http://www.ethereal.com
Supported Platforms: Linux (RedHat, SuSE, Slackware, Mandrake), BSD (Free, Net, Open),
Windows (9x/ME, NT4/2000/XP), AIX, Compaq Tru64, HP-UX, Irix, MacOS X, SCO, Solaris
3.2.1 Description
Ethereal is one of the most popular sniffers available. It performs packet sniffing on almost
any platform (Unix, Windows), in both real-time (live), and from saved capture files from other
sniffers (NAI’s Sniffer, NetXray, tcpdump, and more). Included with this program are many
features such as filtering, TCP stream reconstruction, promiscuous mode, third-party plug-in
options, and the capability to recognize more than 260 protocols. Ethereal also supports
capturing on Ethernet, FDDI, PPP, token ring, X.25, and IP over ATM. In short, it is one of the
most powerful sniffers available on the market today—and it is free.
3.2.2 Installation on Windows
Installation varies depending on the platform. Because 98% of people using this program
employ either a Linux distribution (such as RedHat) or a Windows operating system, we will be
discussing only those platforms. For the most part, what works on one *nix operating system
will work on another with only slight modifications to the installation procedure.
Using Ethereal with Windows is fairly straightforward. There is one exception to this point.
802.11 packet captures are not currently available using Ethereal with any Windows OS.