
Author Topic: Recommendations for packet sniffing install  (Read 3060 times)

Offline dschlic1

  • Newbie
  • *
  • Posts: 2
Recommendations for packet sniffing install
« on: May 04, 2012, 08:43:34 AM »
I would like some recommendations on using a minimal Linux installation to be used for ethernet packet sniffing and analysis. I currently use Wireshark running under Windows. It works but has some issues. In particular, standard Windows uses many tasks that produce and receive packets via the ethernet interface. This results in packets showing up on the capture that need to be ignored.
I use the packet sniffing to debug ethernet communications between different types of industrial equipment. So I do not want the sniffer producing packets of its own. I think achieving this goal might be easier using Linux than Windows. I might add that I will only be using a wired interface.
I am looking at starting with Tiny Core because it probably already has many tasks and programs removed, and I can get it to boot from a USB flash drive. So I would like some advice as to how to modify the standard distro (if needed) to eliminate all tasks and programs that would send packets via the ethernet interface.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: Recommendations for packet sniffing install
« Reply #1 on: May 04, 2012, 08:44:54 AM »
Wireshark?
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline dschlic1

  • Newbie
  • *
  • Posts: 2
Re: Recommendations for packet sniffing install
« Reply #2 on: May 04, 2012, 08:55:18 AM »
Google wireshark (can't post link)
While the web shows just Windows versions, it appears that most Linux distros also include it.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: Recommendations for packet sniffing install
« Reply #3 on: May 04, 2012, 08:58:53 AM »
> Google wireshark (can't post link)
> While the web shows just Windows versions, it appears that most Linux distros also include it.

Like Tiny Core Linux
Béla

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11178
Re: Recommendations for packet sniffing install
« Reply #4 on: May 04, 2012, 09:14:45 AM »
Hi dschlic1
Welcome to the forum. I use Wireshark when I want to examine network traffic and it works well under Tinycore. I just fired it up to trace all traffic, and once I closed a chatty tab on my browser, the only traffic that showed up was my machine sending an echo request to my server because I have a remote drive mounted followed by an ARP, both with responses. This sequence repeats every 60 seconds. In addition, I know the Samba server I'm connected to will announce itself every 15 minutes or so just like a Windows share would.
« Last Edit: May 04, 2012, 11:06:22 AM by Rich »

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 10957
Re: Recommendations for packet sniffing install
« Reply #5 on: May 04, 2012, 10:30:03 AM »
Only DHCP would send traffic by default. Use a static IP and there's nothing.
The only barriers that can stop you are the ones you create yourself.
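The advice in the last two replies (no DHCP, and know what your own box still emits) can be turned into a small capture script. The following is an added example written for this thread; it is not code from the Tiny Core project or from any of the posters. It goes one step further than a static IP: it gives the capture interface no address at all and disables IPv6 on it, so the kernel has nothing to ARP for, no router solicitations to send and no share to poll, and it additionally applies a tcpdump capture filter that drops any frame to or from the host's own MAC, so whatever the host still emits (or whatever is addressed to it) never lands in the trace that gets opened in Wireshark. Assumptions not taken from the thread: the wired interface is `eth0`, the box has busybox `ifconfig`, `udhcpc` (with its pid file where Tiny Core's `dhcp.sh` writes it; check your version) and `tcpdump` installed, and `tcp port 502` (Modbus/TCP) is only an illustrative extra filter. The network-touching functions need root and only run when `CAPTURE_RUN=1` is set, so the file is safe to source for its filter helper alone.

```shell
#!/bin/sh
# Added example for the "packet sniffing install" thread; not Tiny Core code.
# Makes the capture host silent on the wire and filters out its own frames.
# Assumptions: interface eth0, busybox ifconfig/udhcpc, tcpdump present.

IFACE="${IFACE:-eth0}"
PCAP="${PCAP:-/tmp/capture.pcap}"

# Return the MAC address of an interface from sysfs (Linux).
own_mac() {
    cat "/sys/class/net/$1/address"
}

# Build a BPF capture filter that excludes every frame sent to or from MAC $1.
# An optional second argument is AND-ed in, e.g. "tcp port 502" for Modbus/TCP.
# Prints the filter on stdout; returns 1 for a malformed MAC.
own_traffic_filter() {
    mac="$1"
    extra="${2:-}"
    if ! printf '%s' "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'; then
        echo "own_traffic_filter: bad MAC '$mac'" >&2
        return 1
    fi
    if [ -n "$extra" ]; then
        printf 'not ether host %s and (%s)\n' "$mac" "$extra"
    else
        printf 'not ether host %s\n' "$mac"
    fi
}

# Put the interface into a listen-only state: stop the DHCP client, drop any
# address so the IP stack has nothing to ARP or announce for, disable IPv6 on
# it (otherwise the kernel sends router solicitations and neighbour discovery
# as soon as the link comes up), and enable promiscuous mode so frames between
# the two industrial devices are delivered to tcpdump.  Needs root.
quiet_interface() {
    ifc="$1"
    # Assumed pid file locations for the udhcpc started at boot; adjust if yours differ.
    for pidfile in /var/run/udhcpc."$ifc".pid /var/run/udhcpc.pid; do
        [ -f "$pidfile" ] && kill "$(cat "$pidfile")" 2>/dev/null
    done
    ifconfig "$ifc" 0.0.0.0 promisc up
    ipv6_knob="/proc/sys/net/ipv6/conf/$ifc/disable_ipv6"
    [ -f "$ipv6_knob" ] && echo 1 > "$ipv6_knob"
}

# Capture to a pcap file Wireshark can open, with our own frames filtered out
# at capture time so they never reach the trace.
capture() {
    ifc="$1"
    filter=$(own_traffic_filter "$(own_mac "$ifc")" "${2:-}") || return 1
    echo "capturing on $ifc with filter: $filter" >&2
    tcpdump -i "$ifc" -n -s 0 -w "$PCAP" "$filter"
}

# Verify after the fact: count frames in the pcap that carry our MAC; expect 0.
leaked_frames() {
    tcpdump -n -r "$PCAP" "ether host $(own_mac "$1")" 2>/dev/null | wc -l
}

# Only touch the network when explicitly asked, so the script is safe to source.
if [ "${CAPTURE_RUN:-0}" = 1 ]; then
    quiet_interface "$IFACE"
    capture "$IFACE" "$@"
fi
```

Run it as `CAPTURE_RUN=1 sh capture.sh` (or `CAPTURE_RUN=1 sh capture.sh "tcp port 502"` to keep only one protocol), stop with Ctrl-C, then `leaked_frames eth0` should print 0 before you open the pcap in Wireshark. If you prefer a static IP over no address, expect exactly what Rich saw: ARP for anything the host talks to, plus periodic traffic from any mounted remote share; the `not ether host` filter hides that from the trace but does not stop it leaving the interface, so for a strictly silent tap leave the interface without an address.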