Network Sniffers

Paul Mooring paul at opscode.com
Thu Nov 21 13:09:49 MST 2013


I'm not sure what your exact needs are, but I generally prefer to use
tcpdump for capturing (CLI tool) and Wireshark when I need a more advanced
view of the traffic. You can take the output of tcpdump and view it in
other tools with the '-w' flag. Related but not really a network sniffing
tool, no one really uses hubs anymore so to sniff unicast traffic intended
for other hosts you'll need to poison the ARP cache on the switch.
Ettercap is the easiest way to poison an ARP cache (also please don't do
this unless you own the network/have approval).