June 06, 2005

Nmap Real-Time Information and Tuning Options

I quietly updated my already-much-larger-than-what-I-planned guide to nmap last week. The latest chapters in Secrets of Network Cartography, A Comprehensive Guide to nmap 3.81 detail the trace and debug options, packet tuning options, and scan timing options. If you ever...
Posted by james_messer at 08:00 AM | Comments (0)

May 21, 2005

Host, Port, and Logging Options are now online!

Secrets of Network Cartography is now full of many more secrets! Our online nmap 3.81 tutorial has been updated, and I've added everything I could find about host options, port options, and all logging options. Here are some highlights: * If...
Posted by james_messer at 03:03 PM | Comments (0)

May 14, 2005

Nmap Operating System Fingerprinting

Part V of Secrets of Network Cartography: A Comprehensive Guide to nmap 3.81 is now online! This most recent addition details the process of operating system fingerprinting. After reading through this new addition, you'll learn how nmap locates and identifies...
Posted by james_messer at 05:55 PM | Comments (0)

May 08, 2005

More Secrets of Network Cartography

As I dig farther into the depths of nmap, I'm finding some interesting tidbits of information. Some of this information is undocumented, and some of it is overlooked functions that need to be addressed in future versions. Did you know...
Posted by james_messer at 12:36 PM | Comments (0)

May 01, 2005

ANNOUNCEMENT: Secrets of Network Cartography

I've had quite a few people ask me why they've not seen any content in the last month, but I wasn't sure what to tell them! I've had a goal to create a new tutorial for Network Uptime, but this...
Posted by james_messer at 01:28 PM | Comments (0)

April 04, 2005

Linux/Unix LiveCD Distributions

If you've not used a Linux- or Unix-based bootable CD before, you're missing enormous functionality that requires almost zero setup and configuration time! These LiveCD distributions are perfect tools for system recovery, network security, network analysis, or everyday Internet browsing....
Posted by james_messer at 05:03 PM | Comments (0)

October 07, 2001

Analyzing Frame Relay Statistics

Is there a BECN in your PVC?

Posted by james_messer at 11:36 PM | Comments (1)

August 01, 2001

Troubleshooting WINS Broadcasts

What are all these WINS doing on my network?

Posted by james_messer at 11:30 PM | Comments (0)

April 16, 2001

Redundancy from a Network Perspective

What does a redundant link look like on a Sniffer?

Posted by james_messer at 11:14 PM | Comments (0)

October 15, 2000

Introduction to Telnet

Every network manager has used a telnet client at one time or another. The telnet specifications were set in 1983 as part of RFC 854. Telnet is a client-server application, which means that one machine has to provide the Telnet service (or in UNIX terms, the Telnet daemon). Telnet allows one to become a user on a remote computer.

Posted by james_messer at 07:03 PM | Comments (0)

September 15, 2000

Introduction to TCP

Transport Control Protocol (TCP) is a reliable connection protocol that works similarly to a telephone call. The two stations that use TCP must establish a mutual connection between them, then keep the two-way conversation alive to ensure full data connectivity.

Posted by james_messer at 07:25 PM | Comments (0)

May 01, 2000

Protocol Analysis on a Switched Network

Monitoring a switched LAN can be a challenging exercise. The advent of LAN switches has completely changed our methods for managing the network, and today's network manager must work harder than ever to find more creative ways of gathering information from an increasingly complex network.

Posted by james_messer at 11:30 PM | Comments (0)

March 01, 2000

Capturing to Disk with Sniffer Pro

Network Associates' DOS-based Sniffer was an excellent protocol analysis tool, but it lacked the capability to multitask. Many network managers want to constantly capture information from the network and have it stream to the hard disk, effectively saving every frame that traversed the network. With the Windows-based Sniffer Pro, this feature is now available.

This tutorial uses Network Associates' Sniffer Pro version 2.6, although most versions of Sniffer Pro are similar to the screen shots and explanations in this tutorial.

Posted by james_messer at 07:34 PM | Comments (0)

January 15, 2000

Using History Samples for Trend Analysis in Sniffer Pro

The History Samples function of Sniffer Pro is a welcome addition to this relatively new Windows-based GUI. Earlier DOS-based versions of the Sniffer software could sample network statistics over long periods of time, but these monitoring functions were contained in a separate executable from the protocol analyzer. Because of these limitations, history statistics could not be gathered while data was being captured.

In the Windows-based Sniffer Pro, history information can be gathered at the same time as any other Sniffer function. This allows the network analyst to gather history statistics while the network data is captured to disk. This is especially helpful if questionable statistics arise while analyzing the history statistics. Specific timeframes can be investigated further by examining the captured Sniffer trace.

This tutorial uses Network Associates' Sniffer Pro version 3.0, although most versions of Sniffer Pro are similar to the screen shots and explanations in this tutorial.

Posted by james_messer at 08:06 PM | Comments (0)

January 14, 2000

Using Excel to Graph Sniffer Pro History Samples

One of the new features of Sniffer Pro is the ability to save history information to disk for use by external applications. Since the history samples function in Sniffer Pro cannot display a large number of samples on the screen simultaneously, an external graphing function becomes very important.

This tutorial shows how to export history samples from Sniffer Pro and create impressive graphs and charts with Microsoft Excel! These steps are a must-have for any network analyst who has to create meaningful output from Sniffer Pro.

Posted by james_messer at 08:44 PM | Comments (0)

January 13, 2000

Understanding ARP

If you've used TCP/IP or the Internet for any amount of time, you know that workstations on a TCP/IP network communicate with each other with a TCP/IP address. Over the physical network, however, workstations communicate with each other with their Media Access Control (MAC) address. Therefore, the key to communicating via TCP/IP is the mapping of a TCP/IP address to the physical address of a workstation. An Ethernet Address Resolution Protocol, RFC 826, details the conversion process from a TCP/IP address to a physical MAC address.

Posted by james_messer at 08:58 PM | Comments (0)