Foro de elhacker.net

(http://madzone.comoj.com/image_host/images/8508277614e54bce74adc24.90745878captura.png) (http://blogs.technet.com/b/netmon/)

Seguro que todos conocemos Wireshark, uno de los sniffers más conocidos junto con Cain.

Sabiendo manejar bien Wireshark ya no necesitas ninguno, pero decidí darle una oportunidad a NetworkMonitor. Se trata de un sniffer desarrollado por Technet (como sabréis, forma parte de Microsoft).

Primero nos dirigimos a su página oficial (http://blogs.technet.com/b/netmon/) y lo descargamos (http://blogs.technet.com/b/netmon/p/downloads.aspx). Una vez instalado veremos la interfaz de inicio.

(http://madzone.comoj.com/image_host/images/21377544944e54bdcd1a5e31.30105367captura.png) (http://madzone.comoj.com/image_host/images/21377544944e54bdcd1a5e31.30105367captura.png)

En en cuadro de abajo, seleccionamos la red que queramos monitorizar y después creamos una nueva sesión.

Al empezar el monitoreo, a la derecha veremos todos las aplicaciones que han enviado algún paquete, si seleccionamos una de ellas, los logs se verán limitados solamente a esa aplicación.



(http://madzone.comoj.com/image_host/images/7415157034e54becbac4973.03306630captura.png) (http://madzone.comoj.com/image_host/images/7415157034e54becbac4973.03306630captura.png)


Otra cosa que me llamó la atención, es la funcionalidad de filtrado.

(http://madzone.comoj.com/image_host/images/1976868814e54c00c3f4863.50865934captura.png) (http://madzone.comoj.com/image_host/images/1976868814e54c00c3f4863.50865934captura.png)

Permitiendo crear filtros personalizados. Desde la página oficial nos proveen varios tutoriales (videos entre otros) para aprender a desenvolvernos con esta herramienta.

Filtering

• Common Fields used for Filtering (http://social.technet.microsoft.com/wiki/contents/articles/network-monitor-fields-and-properties-for-filtering.aspx)
     
• Filtering with TCP and other Conversations (http://evolblogstech/b/netmon/archive/2007/06/28/color-filtering-error-messages.aspx)
     
• Following TCP Conversation Streams (http://blogs.technet.com/b/netmon/archive/2007/04/05/follow-the-stream.aspx)
     
• Introduction to Filtering with Network Monitor 3.x (http://blogs.technet.com/b/netmon/archive/2006/10/17/into-to-filtering-with-network-monitor-3-0.aspx)
  

User Interface

• Color Filtering Error Messages (http://blogs.technet.com/b/netmon/archive/2007/06/28/color-filtering-error-messages.aspx)
     
• Customizing the Window Layout (http://blogs.technet.com/b/netmon/archive/2008/11/13/customizing-the-user-interface.aspx)
     
• Frame Commenting (http://evolblogstech/b/netmon/archive/2009/03/20/frame-commenting-is-here.aspx)
     
• Marking Frames with Network Monitor 3.4 (http://blogs.technet.com/b/netmon/archive/2010/10/14/marking-frames-with-network-monitor-3-4.aspx)
     
• Parser Profiles with Network Monitor 3.4 (http://blogs.technet.com/b/netmon/archive/2010/06/04/parser-profiles-in-network-monitor-3-4.aspx)
     
• Reassembly with Network Monitor 3.x (http://evolblogstech/b/netmon/archive/2008/04/09/reassembly-with-nm3.aspx)
     
• Understanding Conversations (http://blogs.technet.com/b/netmon/archive/2006/11/15/conversations-in-network-monitor-3-0-cable-talk.aspx)
     
• Using Color Fules to Show Direction (http://blogs.technet.com/b/netmon/archive/2010/07/28/using-color-rules-to-show-direction.aspx)
     
• Using Columns and Properties (http://blogs.technet.com/b/netmon/archive/2007/03/01/using-columns-and-properties.aspx)
  

Capturing

• Capturing a Trace at Bootup (http://evolblogstech/b/netmon/archive/2010/01/04/capturing-a-trace-a-boot-up.aspx)
     
• Chained Captures and Stitching Them Back Together (http://evolblogstech/b/netmon/archive/2009/09/09/chained-captures-and-stitching-them-back-together.aspx)
     
• Event Tracing for Windows and Network Monitor (http://blogs.technet.com/b/netmon/archive/2009/05/13/event-tracing-for-windows-and-network-monitor.aspx)
     
• NMCap: The Easy Way to Automate Capturing (http://blogs.technet.com/b/netmon/archive/2006/10/24/nmcap-the-easy-way-to-automate-capturing.aspx)
     
• OneClick Capture Tool (http://blogs.technet.com/b/netmon/archive/2007/11/06/nm3-one-click-capture-tool-beta.aspx)
     
• Reducing Dropped Frames with Network Monitor 3.4 (http://blogs.technet.com/b/netmon/archive/2010/06/23/avoiding-dropped-frames-with-network-monitor-3-4.aspx)
     
• Stopping a Capture Based on an Eventlog Message (http://evolblogstech/b/netmon/archive/2008/12/12/eventcap-revisited-using-nmapi.aspx)
     
• Wireless Capturing With Network Monitor (http://blogs.technet.com/b/netmon/archive/2007/06/15/wireless-capturing-with-network-monitor-3-1.aspx)
     
• Using High Performance Filtering (http://blogs.technet.com/b/netmon/archive/2010/08/05/using-high-performance-filtering.aspx)
  

Troubleshooting

• Delayed Write Failure Trace Study (http://blogs.technet.com/b/netmon/archive/2009/09/21/delayed-write-failure-trace-study.aspx)
     
• I Can't View My Windows Home Server at Home (http://blogs.technet.com/b/netmon/archive/2009/08/14/i-can-t-view-my-windows-home-server-at-home.aspx)
     
• Intro to Name Resolution (http://blogs.technet.com/b/netmon/archive/2007/07/20/intro-to-name-resolution.aspx)
     
• Measuring Response Times (http://evolblogstech/b/netmon/archive/2010/02/24/measuring-response-times.aspx)
     
• SMB Opportiunistic Locking Behavior (http://blogs.technet.com/b/netmon/archive/2009/09/22/smb-opportunistic-locking-behavior.aspx)
     
• TCP Analyzer Expert; Make Your Network Run Faster (http://evolblogstech/b/netmon/archive/2009/06/30/tcp-analyzer-expert-make-your-network-run-faster.aspx)
     
• Troubleshooting Name Resolution (http://blogs.technet.com/b/netmon/archive/2007/08/16/trouble-shooting-name-resolution-with-nm3.aspx)
     
• Understanding Broadcasts (http://blogs.technet.com/b/netmon/archive/2008/08/20/broadcasts.aspx)
     
• Understanding HTTP Flow (http://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspx)
  

Experts and Tools

• EventCap (http://blogs.technet.com/b/netmon/archive/2008/12/12/eventcap-revisited-using-nmapi.aspx)
     
• Decrypting SSL/TLS Traffic (http://evolblogstech/b/netmon/archive/2010/03/08/expert-to-decrypt-tls-ssl-traffic.aspx)
     
• Top Users (http://blogs.technet.com/b/netmon/archive/2009/04/30/top-users-expert-for-network-monitor-3-3.aspx)
     
• Simple Search (http://blogs.technet.com/b/netmon/archive/2009/04/14/looking-for-private-data-with-the-simple-search-expert.aspx)
  

Network Monitor API

• Accessing TCP Payload (http://evolblogstech/b/netmon/archive/2009/10/07/using-nmapi-to-access-tcp-payload.aspx)
     
• Network Monitor Freezes While Loading Capture (http://blogs.technet.com/b/netmon/archive/2010/09/30/network-monitor-freezes-while-loading-capture.aspx)
     
• Reassembling Packets with the Network Monitor API (http://blogs.technet.com/b/netmon/archive/2009/10/12/reassembling-packets-with-the-network-monitor-api.aspx)
     
• Trouble Accessing Some Fields with API (http://blogs.technet.com/b/netmon/archive/2010/08/24/trouble-accessing-some-fields-with-api.aspx)
  

Network Monitor Videos

• Network Monitor Usage (http://blogs.technet.com/b/netmon/p/usagevideos.aspx)
     
• Network Monitor API (http://blogs.technet.com/b/netmon/p/apivideos.aspx)
  

Página Oficial | Network Monitor. (http://blogs.technet.com/b/netmon)

Buenas y gracias por el aporte.

Una pregunta: ¿Sabes que tal se lleva con los adaptadores inalámbricos?

Saludos.

mad, entonces crees que sea un poco mas fácil de manejar que el ethereal??

WireShark también cuenta con una herramienta de filtros bastante buena.

Saludos

Sí, es un poco más fácil de utilizar pero no es tan potente como Wireshark (Ethereal), tal vez, los datos sean más fácil de leer/interpretar en NetMon.