I recently stumbled across Wireshark University and it piqued my interest in protocol analysis again. Prompted by this new interest, I downloaded and installed the latest version of Wireshark. If you don't follow the network analysis and protocol analysis world you may not know Wireshark. In fact, most IT people don't. The comment I heard this week was, "Is that anything like Ethereal?" Yes. Better, updated, and the same.
Ethereal basically morphed into Wireshark over that usual excuse: the trademarks were not transferred to Gerald Combs, creator of Ethereal. So Gerald takes the code and bada-bing bada-boom, Wireshark is born. In fact, using Ethereal is not advised because it is no longer actively developed and has many security issues and bugs that will probably never be resolved.
Armed with new vigor, I began some network analysis traces of broadcast traffic. I'm basically looking for unusual and unnecessary traffic. Since every device on the network has to process broadcast traffic, it helps to find misconfigured devices to kill, reconfigure or redeploy in order to reduce said traffic.
The thing that stood out to me immediately was IPX SAP (service advertisement) packets coming from Ricoh-type printers. I once wrote a paper that details how to find the IP addresses of devices when you have a MAC address, using Linux. Since that technique uses Bash scripting I won't repeat it here; for now I will describe how to accomplish the same thing using Wireshark.
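As an added example (not code from the original post), here is a small Python script that does offline what the Wireshark session above does by eye: it counts broadcast frames per source MAC and decodes IPX SAP service advertisements so the chatty device can be named. The frames, MAC addresses and server name are constructed sample input; the Ethernet II (0x8137) framing of IPX and the service-type name table are assumptions.

```python
import struct
from collections import Counter

# Well-known IPX SAP service types (assumed mapping; unknown types are shown as hex)
SAP_TYPES = {0x0004: "File Server", 0x0007: "Print Server", 0x0047: "Advertising Print Server"}

def parse_ipx_sap(ipx):
    """Decode a 30-byte IPX header plus SAP response; return [(type, name, hops)] or None."""
    if len(ipx) < 32 or ipx[:2] != b"\xff\xff" or ipx[5] != 4:  # checksum 0xFFFF, type 4 = SAP
        return None
    if struct.unpack("!H", ipx[16:18])[0] != 0x0452:            # destination socket 0x452 = SAP
        return None
    sap = ipx[30:]
    if struct.unpack("!H", sap[:2])[0] not in (2, 4):            # general/nearest service response
        return None
    services = []
    for off in range(2, len(sap) - 63, 64):                      # 64-byte entries follow the opcode
        stype, name = struct.unpack("!H48s", sap[off:off + 50])
        hops = struct.unpack("!H", sap[off + 62:off + 64])[0]
        services.append((stype, name.split(b"\x00")[0].decode("ascii", "replace"), hops))
    return services

def summarize(frames):
    """Count broadcast frames per source MAC and list the SAP services each source advertises."""
    bcast, ads = Counter(), []
    for f in frames:
        dst, src, etype = f[:6], f[6:12], struct.unpack("!H", f[12:14])[0]
        if dst != b"\xff" * 6:
            continue                                              # only broadcast traffic matters here
        mac = src.hex(":")
        bcast[mac] += 1
        if etype == 0x8137:                                       # IPX over Ethernet II (assumed framing)
            for stype, name, hops in parse_ipx_sap(f[14:]) or []:
                ads.append((mac, SAP_TYPES.get(stype, hex(stype)), name, hops))
    return bcast, ads

def build_sap_frame(src_mac, stype, name, hops=1):
    """Construct an Ethernet II / IPX / SAP 'general service response' frame as sample input."""
    entry = struct.pack("!H48s4s6sHH", stype, name, b"\x00\x00\x00\x01", src_mac, 0x0451, hops)
    sap = struct.pack("!H", 2) + entry
    ipx = struct.pack("!HHBB4s6sH4s6sH", 0xFFFF, 30 + len(sap), 0, 4,
                      b"\x00\x00\x00\x01", b"\xff" * 6, 0x0452, b"\x00\x00\x00\x01", src_mac, 0x0452)
    return b"\xff" * 6 + src_mac + b"\x81\x37" + ipx + sap

# Constructed sample capture: two SAP adverts from one printer, one ARP request from another host
PRINTER, HOST = b"\x02\x11\x22\x33\x44\x55", b"\x02\xaa\xbb\xcc\xdd\xee"
SAMPLE_FRAMES = [build_sap_frame(PRINTER, 0x0047, b"RICOH_PRINTER"),
                 build_sap_frame(PRINTER, 0x0047, b"RICOH_PRINTER"),
                 b"\xff" * 6 + HOST + b"\x08\x06" + b"\x00" * 28]
```

Calling `summarize(SAMPLE_FRAMES)` returns the per-MAC broadcast counts and the advertised services; on a real capture, feed it the raw frames exported from Wireshark instead of the constructed list.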
Saturday, July 7, 2007