Mike Welch
Thanks for all the leads. I've been looking at all of these for the
last couple of days (one of the few nice things about being
unemployed...sigh).

I haven't tried Fiddler or NaviScope because I just saw those posted.
Those seem to be the only thing that works at all for me. Below are
the results of my search and I'm baffled. I must be missing
something, and I'll bet it's a simple thing, but as this is all new to
me I don't know what to check.

Of everything I tested, Proxomitron was the only thing that delivered
any results whatsoever. None of the "sniffers" ever did a single
thing. I'd start them up, then load IE, and I'd never see any TCP/IP
activity (except for the tool by sysinternals, which just shows
function calls).

The proxies are probably what I was looking for, but now that I've
spent so much time on these other things, I'm determined to find out
what I'm doing wrong, and interested in at least seeing one of them
actually work!

I'm hoping from the results below, someone will be able to point out
an obvious problem that will make these work.

This is a long post, but I've spent days with it and maybe what we
turn up will be useful to someone else someday...

I'm wondering if the fact that I'm on WiFi might have something to do
with it, though I don't see why since it's still going through TCP/IP.
Or, maybe there's something screwy about my Toshiba 6100 laptop. Or,
maybe nobody supports the Atheros card in the laptop. Or maybe it's
XP pro and one of the many MANY service packs I've installed? Or
maybe it's just not God's will and I should sell everything I own and
follow him...sigh.

One last remark: I do have the latest version of WinPCap installed,
and I do have administrator privs.

Thanks for any light anyone can shed on this.

----[results of tests]-----

NetworkActiv PIAFCTM v1.5.2 (April 1, 2003) version
  Returned the following error dialog
  (Tip: did you know you could Ctrl+C most message dialogs these
  days and copy the text?)
  ---------------------------
  Unable to listen
  ---------------------------
  Unable to listen on the interface: xxx.xxx.xxx.xxx
  The chosen interface must be a NIC or Modem.
  Make sure your NIC is enabled.
  Note: Windows 2000 (or higher) is required.
  You must be logged on with an administrative account.
  ---------------------------
  OK
  ---------------------------

Network Probe 0.5
  Installed fine
  Generated error on run that it was missing Java runtime
  Hunted that down, downloaded it and attempted to install
  Sun Java runtime install failed
  Researched and found registry key to delete
  Installed Java runtime OK this time
  Ran again, but nothing ever happened

Ethereal
  Installed fine
  No errors
  Nothing was ever logged

ZxSniffer
  Installed OK
  Received the following error dialog
  ---------------------------
  Error
  ---------------------------
  Cannot set device filter mode
  ---------------------------
  OK
  ---------------------------

HTML Debug 1.0
  Does a fine job of showing HTML data coming back, but not a snoop.
  You enter URL in the app directly.
  I can't remember where I got this app, but exe dump
  revealed it's written in Delphi...
  Just does HTTP GET and shows result

Sam Spade
  Same as HTML Debug 1.0 above
  Other stuff, like crawling, works fine

NetStat Live
  http://www.analogx.com/contents/download/network.htm
  This util, that tries to determine actual throughput,
  actually works, and it's a TCP/IP monitor. This tells
  me the other stuff should work too...

PacketMon
  Written by the same guy who wrote NetStat Live, this
  returns the following error:
  "Unable to open raw socket, packet monitoring cancelled"
  See next item for comment about raw sockets

SocketToMe
  sockettome.exe
  Gibson research utility that checks to see if raw sockets
  are enabled reports "Full raw sockets are available!"
  Please shoot me...

IP Ultra Monitor 2000
  This util just scans ports on remote machines to see what's
  open. It works, just not what I'm looking for.

SnoopAnalyzer Standard
  When I try to select the device, it shows a GUID.
  When I select it, I get the following dialog:
  ---------------------------
  Error
  ---------------------------
  No Adapter is found
  ---------------------------
  OK
  ---------------------------

SysInternals TDIMon
  Monitors TCP/UDP
  This works, but doesn't show data, apparently just shows
  function calls that are being made.

Proxomitron
  This one shows some promise and actually did do some
  things. I need to work with it more.

NetWorld Scanner
  This utility takes a submask and returns all IPs for that
  submask in the range 0-255
  This works too

I have tried turning off the ICF (Internet Connection Firewall) of XP
on some tests, but it didn't help. I didn't have it off on all tests
though, and never rebooted after turning it off. Again, Gibson's tool
said raw sockets were enabled anyway.

I have no other firewalls running (yet). Just using a LinkSys 802.11b
access point (WiFi).

Signed,
Frustrated in Dallas...