Guide on how to sniff packets (outgoing and incoming)

Discussion in 'Archives' started by Chippz0r, May 29, 2010.

#1 - May 29, 2010 at 8:57 AM
Chippz0r (Guru, Banned) - Joined: Apr 7, 2008 | Posts: 1,191 | Referrals: 0 | Sythe Gold: 0
    This is a basic guide on how to sniff packets of data incoming and outgoing from your remote machine/router. This is very helpful to detect if you are under a DDOS attack, flood, or being used as a possible 'zombie' in a botnet.

    Why would you want to use this? You can monitor (literally) every packet coming in and going out from your machine, so you know exactly what's going on. This logs the MAC addresses as well as the IPs. You are able to trace the IPs to see the location where the packets are coming from, to verify for yourself that it's safe or unsafe. If you are under attack, you will see a massive amount of packets coming in from multiple locations or a single location. If you do see a massive number of packets, you may filter the IP through your router so there can be no incoming connections from that IP, or you can contact your ISP for assistance.

    Required program:
    Commview: http://www.tamos.com/bitrix/redirec...vent2=commview&event3=cv6&goto=/files/cv6.zip
    WinRAR: http://download.cnet.com/WinRAR/3000-2250_4-10745708.html

    Step one: (setting up Commview)
    After downloading Commview, save the .rar extension file to your desktop for easy-access. Open the .rar extension file with WinRAR and extract the setup file to your desktop.

    -Open the installer.
    -Press Next.
    -Accept the user license agreement by pressing 'yes'.
    -Click "Enterprise VoIP mode: all features available" as your option to install.
    -Press Next.
    -Press Next. (Unless you want to change the destination folder)
    -Press Next.
    -Select the language you'd prefer Commview to be in, make sure you check 'launch after install' so Commview is enabled, and choose if you want it on your desktop or not.
    -Press Next.
    -It will now install Commview.
    -Press 'Finish'
    -Commview will now want to install drivers onto your computer so the processes it completes (in this case, packet sniffing) can be done. This is required; press 'yes'.
    -For some users, a dialog box will appear saying the drivers are not verified through Windows; simply continue anyway, as this is a trusted company. The drivers are not verified through Microsoft, no, but the program works great.

    Step two: (Running Commview)

    This is the basic interface screen of Commview:

    [IMG]

    To start tracing packets, there is a drop-down menu at the top by 'Local Area Connection'; if you are running on a LAN, keep it on that setting. If you are running on a wireless connection, click the drop-down menu and click 'Wireless Network Connection' (AKA WAN).

    [IMG]

    After choosing your network, click the 'play' button, which means start (shown circled in red in the picture above). This takes a few moments, but once it starts you will see your incoming/outgoing connections and incoming/outgoing packets.

    [IMG]

    This image shows the general packets being received and sent. It will show what programs the packets have a gateway to, and it will show the IP number of the sending or receiving packets as well as the host name.

    Step 3: (Advanced packet tracing)
    At the top, you see tabs. The tabs consist of Latest IP Connections, Packets, VoIP, and so forth. Click the Packets tab.

    [IMG]

    As shown, when you highlight a packet you will see at the bottom your MAC address and the sender's MAC address. This can come in handy if you want to filter out connections from the sender if you are under attack. This also shows what was contained in the packet (encrypted data), which can also come in handy if you want to decrypt the packet to see what it contains.

    How can this help you exactly? Well, if you are under a DDOS/flood attack or are even a botnet zombie, you will be able to detect it easily by the massive amounts of packets being sent and received between you and the destination IP. You can also monitor your network bandwidth use in case you are limited on bandwidth; you can see precisely how much you use on a certain site, so you know whether you need to limit yourself on that specific site.

    Now let's see if you didn't want to monitor all the incoming connections, how about one status report screen? Here's how to do it.

    [IMG]

    Go to View > Statistics as shown in the picture and a box will appear with your statistics which should look like this:

    [IMG]

    This will give you a general overview of the statistics of outgoing and incoming packets. Always stay safe, I am here to inform and teach you all about how to stay safe on the internet and catch hackers as they hit you. If you have questions or concerns please PM me or add me on MSN. I will be more than glad to answer any questions you may have.

    Note:
    Under recent IP connections, if you right click an IP there are many options to see who that person really is, where the packets are actually coming from, what they consist of, and much more.

    Guide 2/5 for UE.
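The flood and "zombie" detection the post describes, reduced to counts, as an added example that is not part of the original post and not CommView's own code. It assumes the capture has been exported as CSV lines in the form `ts,src_mac,src_ip,dst_ip,dst_port,proto,bytes` (an assumed format; CommView's real export layout is not assumed here), with the monitored machine at `LOCAL_IP`. It finds remote hosts whose peak packets-per-second toward you reach a threshold (the flood victim case), checks whether you are the one hammering a target that never answers (the zombie case), records the source MAC seen for an offending IP, and totals bytes per remote host for the bandwidth question. All addresses, MACs and packet rows are constructed sample data.

```python
# Added example (not CommView's code): flood / zombie heuristics over a packet log
# exported as CSV 'ts,src_mac,src_ip,dst_ip,dst_port,proto,bytes' (assumed format).
from collections import Counter, defaultdict
from dataclasses import dataclass

LOCAL_IP = "192.168.1.10"          # assumption: the machine we are sniffing on
LOCAL_MAC = "00:11:22:33:44:55"    # assumption: its NIC
GATEWAY_MAC = "00:aa:bb:cc:dd:ee"  # assumption: router MAC seen on inbound frames

@dataclass(frozen=True)
class Packet:
    ts: float      # capture time, seconds
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    length: int    # bytes on the wire

def parse_log(text):
    """Parse the assumed CSV export; blank lines and '#' comments are skipped."""
    pkts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, smac, sip, dip, dport, proto, size = (f.strip() for f in line.split(","))
        pkts.append(Packet(float(ts), smac.lower(), sip, dip, int(dport), proto.upper(), int(size)))
    return pkts

def peak_rate(times, window=1.0):
    """Largest number of events inside any sliding window of `window` seconds."""
    times = sorted(times)
    peak = j = 0
    for i, t in enumerate(times):
        while times[j] <= t - window:  # drop events outside (t - window, t]
            j += 1
        peak = max(peak, i - j + 1)
    return peak

def flood_sources(pkts, direction, threshold=50, window=1.0, local_ip=LOCAL_IP):
    """Remote hosts whose peak packets-per-window reaches `threshold`.
    direction='in': hosts sending to us (flood victim); 'out': hosts we hammer (zombie)."""
    per_host = defaultdict(list)
    for p in pkts:
        if direction == "in" and p.dst_ip == local_ip:
            per_host[p.src_ip].append(p.ts)
        elif direction == "out" and p.src_ip == local_ip:
            per_host[p.dst_ip].append(p.ts)
    rates = {h: peak_rate(t, window) for h, t in per_host.items()}
    return {h: r for h, r in rates.items() if r >= threshold}

def bytes_per_remote_host(pkts, local_ip=LOCAL_IP):
    """Bandwidth accounting: bytes exchanged with each remote IP, both directions."""
    usage = Counter()
    for p in pkts:
        usage[p.dst_ip if p.src_ip == local_ip else p.src_ip] += p.length
    return usage

def macs_of(pkts, ip):
    """Source MACs seen for `ip`: a LAN host's own NIC, or just your router for Internet hosts."""
    return sorted({p.src_mac for p in pkts if p.src_ip == ip})

def verdict(pkts, threshold=50, local_ip=LOCAL_IP):
    """Classify the capture as zombie / distributed flood / single-source flood / quiet."""
    inbound = flood_sources(pkts, "in", threshold, local_ip=local_ip)
    outbound = flood_sources(pkts, "out", threshold, local_ip=local_ip)
    replies = Counter(p.src_ip for p in pkts if p.dst_ip == local_ip)
    # A zombie blasts a target that answers (almost) nothing back.
    zombie_targets = {h: r for h, r in outbound.items() if replies[h] * 10 < r}
    kinds = ["zombie"] if zombie_targets else []
    if len(inbound) > 1:
        kinds.append("distributed flood")
    elif inbound:
        kinds.append("single-source flood")
    return {"kinds": kinds or ["quiet"], "inbound": inbound, "outbound": outbound,
            "zombie_targets": zombie_targets}

def constructed_capture():
    """Constructed sample: normal HTTPS chatter, a UDP flood from one host,
    and an outbound TCP flood to a target that never replies."""
    rows = ["# ts,src_mac,src_ip,dst_ip,dst_port,proto,bytes"]
    for i in range(5):    # normal: 5 requests to a web server and 5 replies
        rows.append(f"{0.2 * i:.2f},{LOCAL_MAC},{LOCAL_IP},93.184.216.34,443,TCP,120")
        rows.append(f"{0.2 * i + 0.05:.2f},{GATEWAY_MAC},93.184.216.34,{LOCAL_IP},51234,TCP,1400")
    for i in range(80):   # flood: 80 UDP packets in 0.4 s from a single host
        rows.append(f"{2.0 + 0.005 * i:.3f},{GATEWAY_MAC},198.51.100.7,{LOCAL_IP},53,UDP,60")
    for i in range(120):  # zombie: 120 packets out in 0.6 s, nothing comes back
        rows.append(f"{5.0 + 0.005 * i:.3f},{LOCAL_MAC},{LOCAL_IP},203.0.113.9,80,TCP,60")
    return "\n".join(rows)

if __name__ == "__main__":
    packets = parse_log(constructed_capture())
    report = verdict(packets)
    print("verdict:", ", ".join(report["kinds"]))
    for host, rate in report["inbound"].items():
        print(f"flood from {host}: peak {rate} pkt/s via MAC {macs_of(packets, host)}")
    for host, total in bytes_per_remote_host(packets).most_common():
        print(f"{host}: {total} bytes")
```

The threshold of 50 packets per second is an arbitrary starting point; on a busy link a single download will exceed it, so tune it against a quiet baseline capture first. Note also that for an Internet host the MAC you see is always your router's, so MAC filtering only helps against a sender on your own LAN; the IP is what you block upstream.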
     
#2 - May 29, 2010 at 12:55 PM
wombakage (Guest) - Referrals: 0

    This looks really good and thorough. If I had a PC I would use this
    8/10
     
#3 - May 31, 2010 at 10:02 AM
Chippz0r (Guru, Banned) - Joined: Apr 7, 2008 | Posts: 1,191 | Referrals: 0 | Sythe Gold: 0

    Thanks for the rating. I can see why it's an 8/10 for not having a PC. What OS do you have? I might be able to personally teach you how to sniff packets on Linux/Mac/Unix.
     
#4 - Jun 3, 2010 at 9:36 AM
Chriscross23 ("You know you at the top when only heaven's right above it", Banned) - Joined: Nov 16, 2008 | Posts: 1,864 | Referrals: 3 | Sythe Gold: 0

    I personally like using peerguardian more but yeah good guide
     
#5 - Jun 3, 2010 at 9:54 AM
Chippz0r (Guru, Banned) - Joined: Apr 7, 2008 | Posts: 1,191 | Referrals: 0 | Sythe Gold: 0

    Never heard of it, to be honest. Personally this helps me with all my networking needs when it comes down to packet tracing. When I was hosting a private server, and when DDoSers came to DDoS me, it was very easy to find and detect them since you're able to see what port they're sending it through. So I managed to blacklist the IP within a matter of minutes by tracing. Thanks for the post and rating, I appreciate it.
     