Programming C, C++, Java, PHP, Ruby, Turing, VB
Computer Science Canada 
 Network
Aange10




PostPosted: Thu Dec 29, 2011 5:56 pm   Post subject: Network

I'm really curious to see what is going on with my computer. As in, I'd like to see when somebody pings me. I want to know if I'm sending packets to game, and how many I'm sending. However I have no idea how to even see what I'm sending/receiving.

Can anybody enlighten me on how to see what I'm sending/receiving, and/or some links as to how to track these things?
DemonWasp




PostPosted: Thu Dec 29, 2011 6:17 pm   Post subject: RE:Network

What you're talking about is called "packet sniffing" and has a related field called "packet analysis". Packet sniffing is a reasonably straightforward operation in any operating system, though it's usually easier in Linux and other UNIX operating systems (and derivatives, so I suppose that includes OSX). Packet analysis is what tells you who sent it, what it says, and where it's going.

There are plenty of packet sniffer programs out there to capture that information and display it in a sensible format. One of the better-known ones for Windows is Wireshark, though there are plenty of others. These programs will let you capture all the information going across one of the network interfaces in your computer and then display the information.

Be warned that you will probably catch a LOT of packets. The maximum transmission size for packets is usually around 1500 Bytes, and includes around 100 Bytes of overhead. That means that if you send 1KB of data, it will send one packet. One megabyte is about 1000 packets. My internet connection readily downloads 2MB/s or better, which means over 2000 packets every second at maximum throughput, assuming all the packets are maximum-sized. Packets are free to be much smaller (as little as ~100 Bytes), so conceivably you could have tens of thousands of packets every second.

This is usually not the kind of thing a human can monitor in real-time.

If you set up the right filters to see exactly the kind of traffic you're looking for, you might have a chance. For example, if you look for ICMP traffic (used by pings) then you would have a better chance of seeing pings amid the torrent of information arriving and departing. However, even a turn-based game communicates a lot of information pretty quickly. Real-time games are correspondingly more demanding.
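Added example, not part of the post above: a small Python decoder that does by hand what a capture filter for ICMP does, picking echo requests addressed to one machine out of mixed traffic and counting packets per protocol. The frames, addresses (documentation ranges) and the names `parse_frame`, `summarize` and `make_frame` are constructed for illustration; a real capture would come from a sniffer such as Wireshark.

```python
import struct
from collections import Counter

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_frame(frame):
    """Decode one Ethernet II + IPv4 frame; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or EtherType is not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IP header length in bytes (options allowed)
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    pkt = {"src": ".".join(map(str, ip[12:16])),
           "dst": ".".join(map(str, ip[16:20])),
           "proto": PROTO.get(ip[9], str(ip[9])),
           "icmp_type": None}
    body = ip[ihl:]
    if ip[9] == 1 and len(body) >= 8:    # ICMP header is 8 bytes
        pkt["icmp_type"] = body[0]
    return pkt

def summarize(frames, my_ip):
    """Count packets per protocol and list who sent echo requests (type 8) to my_ip."""
    counts, pingers = Counter(), []
    for f in frames:
        pkt = parse_frame(f)
        if pkt is None:
            counts["other"] += 1
            continue
        counts[pkt["proto"]] += 1
        if pkt["icmp_type"] == 8 and pkt["dst"] == my_ip:
            pingers.append(pkt["src"])
    return dict(counts), pingers

def make_frame(src, dst, proto, body):
    """Build a constructed test frame (checksums are zero; the parser does not verify them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + body

ME = "192.0.2.10"                        # constructed address of "my" machine
SAMPLE = [                               # constructed capture, five frames
    make_frame("198.51.100.7", ME, 1, b"\x08\x00" + b"\x00" * 6),  # echo request to me
    make_frame(ME, "198.51.100.7", 1, b"\x00\x00" + b"\x00" * 6),  # my echo reply
    make_frame(ME, "203.0.113.5", 17, b"\x00" * 12),               # outbound UDP
    make_frame("203.0.113.5", ME, 6, b"\x00" * 20),                # inbound TCP
    b"\xff" * 6 + b"\x04" * 6 + b"\x08\x06" + b"\x00" * 28,        # ARP, not IPv4
]

if __name__ == "__main__":
    print(summarize(SAMPLE, ME))
```
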
Tony




PostPosted: Thu Dec 29, 2011 6:57 pm   Post subject: RE:Network

Wireshark runs on OSX just fine as well.

Keep in mind that on a broadcast based network (such as wifi), you will see everyone's traffic. This can be rather overwhelming, especially in public places with many clients.
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
Aange10




PostPosted: Thu Dec 29, 2011 7:00 pm   Post subject: RE:Network

Thank you for the information. Very helpful. Could you tell me about how network security ties into this? This is my main question. The only thing I really know about it is that my friend told me you can't even ping some secure networks (Like Blizzard Entertainment's networks).

I'm really mostly interested in how to monitor my network because I'm curious how my computer is communicating with other things (and in that I can find my answers). However, *most* packets are completely encrypted, right?
Tony




PostPosted: Thu Dec 29, 2011 7:16 pm   Post subject: RE:Network

You certainly can ping any known address on the internet, but corporate firewalls will likely catch and drop your packets before they reach any server.

As mentioned before, you can log all of the traffic visible to your computer via Wireshark. If you are looking for something specific, filters are a good approach. For something simpler, you might be interested in the netstat tool: http://en.wikipedia.org/wiki/Netstat

It should be noted that *most* packets are not encrypted, and it should be assumed that everyone in between you and the destination knows exactly what you are up to. Specifically, last year you could have gone to a coffee shop and listened to unencrypted Facebook/Twitter/etc. cookies in the air: http://en.wikipedia.org/wiki/Firesheep
Aange10




PostPosted: Thu Dec 29, 2011 7:24 pm   Post subject: RE:Network

Emphasis Added wrote:

corporate firewalls will likely catch and drop your packets before they reach any server.


How? How do they catch/drop it, and how do they do it before it reaches the server?


EDIT: Also, from the firesheep link

Wikipedia wrote:

BlackSheep drops "fake" session ID information on the wire and then monitors traffic to see if it has been hijacked.[7]


How do they monitor the traffic? As in, what exactly are they monitoring?


This is from the citation,
Quote:
While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network.


How does BlackSheep pick up the request? The same way FireSheep does?
Tony




PostPosted: Thu Dec 29, 2011 8:14 pm   Post subject: RE:Network

A firewall is hooked up in front of the corporate servers. All the traffic must flow through it first, so it can apply some rules to decide what should continue.

re pickup/monitor -- on a wifi network, there is no direct connection between the router and any individual device. The router just throws packets into the air, and then whoever cares to listen, does. Every device picks up every packet, checks the destination headers, and decides if it was addressed to it or someone else. Most would drop the packets. Your laptop will notice its address, so it keeps those. Mine will not even check, and just keeps everything.

An appropriate analogy is that you may choose to not listen to someone else's conversation in a coffee shop, but the sound waves would still hit your ears. You'd have to somehow filter all that noise out yourself.
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
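Added example, not part of the posts above and not BlackSheep's own code: the decoy-session check described in the quoted citation, written as detection logic over requests that a listening device has already captured and parsed. The host, cookie name, decoy value, MAC addresses and the names `Request`, `parse_cookies` and `detect_decoy_reuse` are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Request:
    """One cleartext HTTP request overheard on the shared network (constructed data)."""
    src_mac: str
    host: str
    cookie: str

def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value
    return jar

def detect_decoy_reuse(requests, decoy_host, decoy_name, decoy_value, planter_mac):
    """Return senders that replayed the decoy session value but did not plant it."""
    alerts = []
    for r in requests:
        if r.host != decoy_host:
            continue                     # the decoy is only meaningful for its own site
        if parse_cookies(r.cookie).get(decoy_name) != decoy_value:
            continue                     # an ordinary session, nothing to flag
        if r.src_mac.lower() == planter_mac.lower():
            continue                     # our own decoy being advertised
        if r.src_mac not in alerts:
            alerts.append(r.src_mac)     # nobody else has a reason to send this value
    return alerts

# Constructed sample: the decoy value is never issued to a real user.
DECOY = ("social.example", "session", "decoy-7f3a")
PLANTER = "02:00:00:00:00:01"
SAMPLE = [
    Request(PLANTER, "social.example", "session=decoy-7f3a"),                       # decoy
    Request("02:00:00:00:00:22", "social.example", "session=real-a1"),              # normal user
    Request("02:00:00:00:00:33", "social.example", "lang=en; session=decoy-7f3a"),  # replay
    Request("02:00:00:00:00:33", "social.example", "session=decoy-7f3a"),           # same sender
    Request("02:00:00:00:00:44", "other.example", "session=decoy-7f3a"),            # other site
]

if __name__ == "__main__":
    print(detect_decoy_reuse(SAMPLE, *DECOY, PLANTER))
```

Source MAC addresses can be changed by the sender, so an alert shows that the decoy was replayed on the network, not reliably which device did it.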
Aange10




PostPosted: Thu Dec 29, 2011 10:55 pm   Post subject: RE:Network

Ahh that explains a lot. Thank you both.
miami405




PostPosted: Thu Aug 02, 2012 4:12 am   Post subject: Re: Network

Aange10 @ Thu Dec 29, 2011 5:56 pm wrote:
I'm really curious to see what is going on with my computer. As in, I'd like to see when somebody pings me. I want to know if I'm sending packets to game, and how many I'm sending. However I have no idea how to even see what I'm sending/receiving.

Can anybody enlighten me on how to see what I'm sending/receiving, and/or some links as to how to track these things?


I also faced this similar problem. When I couldn't come out of this problem, I had a conversation with an expert. He suggested that I change my router, because my router was out of network range.
Page 1 of 1  [ 9 Posts ]