

Gary
Joined: 2011 Jul 21
Network Analyzer/Sniffer

My network-based computers routinely start "talking" to other computers even though I haven't done anything to initiate such conversations. I'd like to know more about these "conversations" than I know now - which is nothing.

Please suggest a Mac OS 9 based sniffer application that I can use to help me figure out what traffic is being transferred and what information is being exchanged.

Gary

Comments

nil0bject
Joined: 2012 Nov 14

How do you know they are "talking" to other computers? I mean, they are, but how do you know? Do you have network monitoring software/hardware on the other machines?

OS 9 TCP/IP monitors:
http://www.sustworks.com/site/prod_ipmonitor.html
http://www.blackcatsystems.com/software/network.html

From my experience, I believe your machines have AppleTalk and perhaps AFP enabled. These use a Bonjour-style network discovery protocol.

Gary
Joined: 2011 Jul 21

>How do you know they are "talking" to other computers?

My "other" computers are a PC running Windows XP and a Chromebook. Both are heavily network-based and routinely tell me things that could only come from a network connection. For example, XP routinely posts a message saying my Adobe Acrobat is out of date.

Even OS X told me that there were software updates waiting to be installed - even though I told the X installer that I did NOT want a network connection.

Gary

bertyboy
Joined: 2009 Jun 14

I have "AT View" in my head, for monitoring the host computer's AppleTalk chat and chatter. I'm sure that this has been uploaded here, or is available with a Google search.

As I remember, AppleTalk was fairly chatty anyway, and if you're running any software at all that operated on anything but a site license, may periodically "squawk" out on a port to ensure that no other copies were running on the same network with the same key.

MikeTomTom
Joined: 2009 Dec 7

Apps here at the Garden you might try:
"Trawl 1.0.2" a network analyser program
"NetCapture Ethernet 4.0" possibly an ethernet packet sniffer?
"NetBarrier 2.0.1" a Firewall app (and monitor) if you need it.

Note: None of the above installed or tested by me, so HTH.

bertyboy
Joined: 2009 Jun 14

Aha, XP and OS X - so an AppleTalk sniffer will do you no good.

Despite what you've told the OS X Installer, it would appear that you have a local network connection and a subsequent internet connection. If you open the Network system pref in OS X, which interfaces are active in the panel on the left? You may have to disable AirPort and Ethernet.
Let us know if you're trying to establish a local connection, but restrict internet access, and what you're trying to achieve.

Gary
Joined: 2011 Jul 21

> so an AppleTalk sniffer will do you no good.

Too true. AppleTalk is totally predictable. It only initiates conversations when I tell it to do so.

I'm interested in the other traffic - probably TCP and its derivatives. I remember the network guys (where I used to work) carrying around a box they called a Sniffer. I think it was made by Network General.

I looked into getting one but quickly changed my mind. They are now obsolete and too fussy to be practical today.

But the box would capture raw data packets off the ethernet cable and give summaries and details about the packets.

What I really want to know is whether the unsolicited traffic on my DSL line is benign or dangerous.

Gary

bertyboy
Joined: 2009 Jun 14

Do you mean other computers on the internet when you said "(my) computers routinely start 'talking' to other computers" as opposed to your computers talking to each other?

Your DSL modem / router can probably log all incoming requests (as opposed to responses that you initiate).

If it's just network traffic within your own LAN, then NetBarrier will monitor the traffic for a Mac.

If it's your own computers initiating requests out to the internet, NetBarrier will pick this up also.

Remember for Mac and OS X in particular, there is a lot of valid chatter; consider Bonjour.

Gary
Joined: 2011 Jul 21

>Do you mean other computers on the internet when you said "(my) computers routinely start 'talking' to other computers" as opposed to your computers talking to each other?

On my LAN the computers don't seem to know anything about each other. The Chromebook can't access either the XP machine or the Mac.

The same is true for XP and the Mac as well. They can't access the others.

So I have to assume that when the traffic light on the router begins to blink like crazy then the XP, Mac or Chromebook is conversing with a system in the WAN rather than to one of my local machines.

Gary

bertyboy
Joined: 2009 Jun 14

So first trick would be to leave a network monitor, however basic, running on each machine, like the Activity Monitor in Mac OS X and the one built into Windows (name escapes me just now), put it on the Network tab and carry on doing your normal stuff. When the activity light blinks like crazy, check which of your computers has had a burst of network activity. The Mac Network analyser in Activity Monitor can even tell you if it was incoming traffic or outgoing traffic (more likely if your modem / router has a firewall).
You may want to pull the DSL (or whatever cable) that connects your router to the internet. You still want your computers connected to the router, even if they don't talk to each other, as it probably also provides DHCP.

Just one thing, how old is the modem / router? The last modem / router I had that blinked on ethernet activity was maybe 10 years old, everything I've had since has lots of lights but only blinks for other reasons. Wireless activity does still blink of course.
The modem / router may also have a facility to record all incoming traffic, you may wish to turn this on.
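
The distinction drawn in this thread, between incoming requests and replies to something a local machine started, and between LAN chatter such as Bonjour and WAN traffic, can be applied mechanically to a packet capture or router log. The sketch below is an added example, not part of any post above; the record layout, the addresses and the 192.168.1.0/24 LAN range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

# Constructed sample records: (time_s, src, sport, dst, dport, proto, bytes)
PACKETS = [
    (0.0, "192.168.1.10", 49152, "203.0.113.5", 80, "tcp", 420),    # LAN host asks a web server
    (0.1, "203.0.113.5", 80, "192.168.1.10", 49152, "tcp", 15000),  # reply to that request
    (1.0, "192.168.1.20", 5353, "224.0.0.251", 5353, "udp", 90),    # Bonjour/mDNS announcement
    (2.0, "198.51.100.7", 40000, "192.168.1.10", 445, "tcp", 60),   # no local host asked for this
    (3.0, "192.168.1.30", 50000, "192.168.1.10", 139, "tcp", 200),  # LAN to LAN
]

def classify(packets, lan=LAN):
    """Label each packet and total the bytes per (LAN host, label)."""
    open_flows = set()          # flows that a LAN host started
    totals = defaultdict(int)   # (lan_host, label) -> bytes
    labels = []
    for _, src, sport, dst, dport, proto, size in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d.is_multicast or d == lan.broadcast_address:
            label, host = "local-discovery", src
        elif s in lan and d in lan:
            label, host = "lan-internal", src
        elif s in lan:
            open_flows.add((proto, src, sport, dst, dport))
            label, host = "outbound", src
        elif d in lan:
            # A reply reverses the address/port pairs of a flow we opened.
            started_here = (proto, dst, dport, src, sport) in open_flows
            label = "reply" if started_here else "unsolicited-inbound"
            host = dst
        else:
            label, host = "transit", src
        labels.append(label)
        totals[(host, label)] += size
    return labels, dict(totals)

def unsolicited(packets, lan=LAN):
    """Return (remote source, LAN target, target port) for unasked-for inbound traffic."""
    labels, _ = classify(packets, lan)
    return [(p[1], p[3], p[4]) for p, lab in zip(packets, labels)
            if lab == "unsolicited-inbound"]

if __name__ == "__main__":
    labels, totals = classify(PACKETS)
    for pkt, label in zip(PACKETS, labels):
        print(f"{pkt[0]:>4}s {pkt[1]:>15} -> {pkt[3]:<15} {label}")
    print(unsolicited(PACKETS))
```

The per-host byte totals answer which machine had the burst; the unsolicited list is the part worth reviewing when judging whether traffic is benign.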