Analyzing traffic / protocols
-
Recently I've spotted the download manager "Hidownload" (www.hidownload.com), and I'm wondering how they're analyzing the web traffic. They're catching URLs to streamed RealMedia files, WMV files etc. Now I know how to get download URLs from IE etc., but they seem to be doing it on a very low level. (You have to specify which network card you want to monitor.) Does anyone have a clue how to do this?
-
Some of the packet sniffer programs do the same thing.... The first thing they do is put your NIC into "promiscuous" mode. This mode allows your computer to see all packets that pass by it, not just the ones that are destined for that machine. This also assumes that the "watching" computer is on the same segment of LAN (same part of the network switch) that the "watched" machines are on. I don't know how to accomplish this, but I do know that this is NOT SUPPORTED ON ALL Ethernet adapters. -p
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Peter Weyzen Staff Engineer [Santa Cruz Networks](http://www.santacruznetworks.com)
-
Uhh... ok :) I don't think it's needed to see all packets that pass by though; after all, all you want is to know what files are accessed by what protocol. No need to spy on other data traffic, right..?
-
Uhhh... how are you gonna figure out what higher-level protocols are in use, except to watch all packets that go by and analyze those? Your Ethernet card knows nothing about actual protocols. It only knows how to accept or deny Ethernet packets.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Peter Weyzen Staff Engineer [Santa Cruz Networks](http://www.santacruznetworks.com)
-
I should add that I misread a bit. They are sitting on the network card, and analyzing all data that comes to it. They don't need promiscuous mode, unless you want to see traffic generated on other machines too. But the premise is the same: they are just watching the traffic coming over the card, and it's pretty easy to catch all of that stuff at that point.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Peter Weyzen Staff Engineer [Santa Cruz Networks](http://www.santacruznetworks.com)
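The analysis described in the replies above, as an added example that is not part of the original thread and not Hidownload's code: once a capture layer hands over raw Ethernet frames, the higher-level protocol is recovered by walking the Ethernet, IPv4 and TCP headers and reading the request line. The function names and the constructed sample frames produced by `build_frame` are assumptions, and the request is assumed to fit in a single TCP segment.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def tcp_payload(frame: bytes):
    """Return the TCP payload of an Ethernet II / IPv4 / TCP frame, else None."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None                      # ARP, IPv6, VLAN-tagged frames: not handled
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_TCP:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]              # total length drops Ethernet padding
    if len(tcp) < 20 or (tcp[12] >> 4) * 4 < 20:
        return None
    return tcp[(tcp[12] >> 4) * 4:]      # skip TCP header, options included

def requested_url(frame: bytes):
    """Return the URL named by an HTTP or RTSP request in this frame, else None."""
    data = tcp_payload(frame)
    if not data or b"\r\n" not in data:
        return None                      # pure ACKs and binary segments end here
    lines = data.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    _method, target, version = parts
    if version.startswith("RTSP/"):
        return target                    # RTSP request lines carry the full URL
    if version.startswith("HTTP/") and target.startswith("/"):
        for header in lines[1:]:
            name, _, value = header.partition(":")
            if name.strip().lower() == "host":
                return "http://" + value.strip() + target
    return None

def build_frame(payload: bytes, proto: int = IPPROTO_TCP) -> bytes:
    """Constructed sample: minimal Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload
```

Every frame has to pass through `tcp_payload` before anything can be said about its protocol, which is why the capture sees all traffic on the card even when only media URLs are wanted.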
-
Would you know of any source / info that could show me how to do this? (Get the low-level packet data?)