Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Packet sniffers?

1 view
Skip to first unread message

Mitch@_._

unread,
Aug 24, 2008, 10:40:43 PM8/24/08
to
I'm trying to figure out why my XBox Live performance is so horrible,
since I always shut down all internet activities on the PC's before
trying to connect.

I found out about packet sniffers today, and installed Wireshark.

With every thing that I know of (email, web, download managers, etc.)
shut down, I still have tons of packet activity. Is that normal?

I have no idea how to make sense of what's going on, but there are
many different IP's as the source, with the IP of my PC as the
destination.

Scott Perry

unread,
Aug 25, 2008, 8:57:48 AM8/25/08
to
Wireshark, formerly known as Ethereal, is a free and excellent protocol
analyzer. I encourage anyone involved in networking to use this product. I
should also mention that Microsoft Windows has a free network protocol
analyzer available. In the downloads section of the Microsoft website, look
for Network Monitor 3.0. This is the packet sniffer that can be installed
to Windows XP.

Remember that a packet sniffer only shows data going through the switchport
which you are connected to. If you are using an ethernet switch, you will
not be able to see data going between other switchports. You need to be
connected to a hub in order to see data from all ports. If your switch has
a feature to allow a port to see all data on another port, then you can
properly sniff another computer's traffic. Otherwise you need to put your
sniffer software on the PC which is connected to the port that you want to
monitor.
If this is unclear, reference how an ethernet switch communicates unicast,
multicast, and broadcast traffic for a more clear reason for sniffing
complications.

There will be ethernet frame activity even if the hosts (PCs, Xbox, etc...)
are not actively trying to make a connection. You need to be aware of what
frames and packets are going across the network when the hosts are idle:
- ARP resolves MAC addresses for IP addresses. Hosts will broadcast to
determine the MAC address to send traffic to for certian IP addresses or
determine the MAC address of their default gateway for IP addresses outside
of their IP subnet.
- DHCP traffic will exchange when hosts without a static IP address boot
- DNS traffic will exchange
- Cisco routers and switches, by default, will send Cisco Discovery
Protocol (CDP) every minute
- Cisco routers and switches may send loop packets to determine if loops
exist and if interfaces are up
- Ethernet switches supporting spanning-tree protocol will send bridge
protocol data units (BPDU) every 2 seconds to check for other spanning-tree
switches and ethernet loops
- Microsoft PCs running NetBIOS processes will advertise for a browse
master every so often and perform election processes
Also, Microsoft Windows Update will run after Windows PCs boot. This is
attempted even if the PC is not connected to the Internet because the
computer checks for a connection after booting.

-----
Scott Perry
Indianpolis, IN
-----

<Mitch@_._> wrote in message
news:aa04b412t1m3h6pps...@4ax.com...

Mitch@_._

unread,
Aug 25, 2008, 9:27:45 AM8/25/08
to
Very helpful stuff. Thank you.
Give me an internship where you work. :-)

Scott Perry

unread,
Aug 25, 2008, 11:07:44 AM8/25/08
to
You would have to live in the same city. Then again, there are no
internships for IT/MIS where I work or in my past positions. Even if so,
then you would be better searching CareerBuilder, Dice, and a few other
sites for CCNP, not CCNA. Too often companies list CCNA for Microsoft
server jobs - do not ask me why. Several companies around here are still
looking for networking, specifically Cisco, and not all of them are
involving voice systems. Yeah, Cisco networking and voice are the ticket
right now.

-----
Scott Perry
Indianapolis, IN
-----

<Mitch@_._> wrote in message
news:cpc5b49fhgi4d2n5e...@4ax.com...

Mitch@_._

unread,
Aug 25, 2008, 12:06:02 PM8/25/08
to
On Mon, 25 Aug 2008 11:07:44 -0400, "Scott Perry"
<scott.perry@somecompany> wrote:

>You would have to live in the same city.

My house if for sale as we speak. :-)

I would love to get something where I could learn on-the-job, but I
know that's a pipe dream these days.

bnl...@gmail.com

unread,
Aug 26, 2008, 9:13:10 AM8/26/08
to
Wireshark allow you to filter traffic based on destination and source
mac address or IP address. Find out your XBox`s mac or IP address and
filter these packets using source OR destination addresses (MAC or
IP).

And you must use a hub to do that.

Regards,

Brunno Lopes

Mitch@_._

unread,
Aug 26, 2008, 11:22:01 AM8/26/08
to

>Wireshark allow you to filter traffic based on destination and source
>mac address or IP address. Find out your XBox`s mac or IP address and
>filter these packets using source OR destination addresses (MAC or
>IP).


Thanks. This stuff is more fascinating than I expected it to be.
After reading about the OSI and TCP/IP, I have a whole new respect for
what goes on when I click a link.

0 new messages