Chinese hackers Blog

August 6, 2008

The Concept of Network Monitoring

Filed under: Technology — admin @ 9:02 pm

Network monitoring tools are a class of management tools provided to administrators. With them, an administrator can monitor the state of the network, the flow of data, and the information transmitted over the network.

However, network monitoring tools are also commonly used by hackers. When information is transmitted over the network in plaintext, network monitoring can be used as a means of attack. Once a network interface is set to monitoring mode, it can intercept the continuous stream of information passing over the network.

Network monitoring can be carried out at any point on a network, such as on a host in a LAN, on a gateway, or between the modems of a long-distance network. What hackers most often use it for is intercepting users' passwords.

What is network monitoring

Network monitoring is a method commonly used by hackers. After successfully logging in to a host on a network and obtaining super-user privileges on it, an attacker often wants to expand that foothold and tries to log in to, or seize control of, other hosts on the network. Network monitoring is one of the simplest and most effective ways to do this, and it can often easily yield information that is hard to obtain by other means.

On a network, the best places to monitor are devices such as gateways, routers, and firewalls, which are usually operated by network administrators. The most convenient place is any networked host on an Ethernet, and this is what the majority of hackers use.

Why Ethernet can be monitored

Monitoring of information carried over telephone lines, radio, and microwave links is fairly well understood, but people often do not understand why a LAN can be monitored. Some even ask whether information that is not on the same network segment can be monitored. The principles of monitoring on an Ethernet are described below. The reasoning for token ring is similar.

For someone carrying out a network attack, breaking through a gateway, router, or firewall is extremely rare. At these points the security administrator can install equipment to monitor the network, or use specialized devices running dedicated monitoring software, and prevent any unauthorized access. However, slipping into a computer that attracts no attention and quietly running a sniffing program there is entirely possible for a hacker. Monitoring consumes a great deal of CPU, so monitoring on a computer that carries a heavy workload can be noticed immediately by the administrator, who will find the computer's response surprisingly slow.

For a networked computer, the most convenient thing to monitor is the Ethernet: it only requires installing monitoring software, after which one can sit at the machine and watch the information.

The Ethernet protocol works by sending each packet to all of the connected hosts. The packet header contains the correct address of the host that should receive it, so only the host whose address matches the packet's destination address accepts the packet. However, when a host is in monitoring mode, it receives every packet regardless of the destination physical address.

There are many LANs of this kind on the Internet, in which several or even dozens of hosts are linked together by a cable or a hub. From the point of view of the upper protocol layers or the user, when two hosts on the same network communicate, the source host sends a packet bearing the destination host's IP address toward the gateway. However, such a packet cannot be sent directly from the upper layers of the protocol stack. A packet to be sent must be handed from the IP layer of TCP/IP to the network interface, that is, the data link layer.

The network interface does not recognize IP addresses. At the network interface, the packet that arrives from the IP layer with its IP addresses has a further piece of information added: the Ethernet frame header. The frame header has two fields that only the network interface can interpret, the physical addresses of the source host and the destination host. Each is a 48-bit address that corresponds to an IP address; in other words, an IP address has a corresponding physical address. A host that acts as a gateway connects several networks, so it has multiple IP addresses, one in each network. Frames sent to destinations outside the LAN carry the gateway's physical address.

In Ethernet, a frame with its physical addresses filled in is sent out from the network interface, that is, from the network card, onto the physical line. If the LAN is built from a single thin or thick coaxial cable, the digital signal travels along the cable and reaches every host on the line. When a hub is used, the transmitted signal arrives at the hub, which then sends it out on every line connected to the hub. In this way the digital signal on the physical line also reaches every host connected to the hub.

When the digital signal arrives at a host's network interface, under normal conditions the interface reads in the data frame and checks it. If the physical address carried in the frame is its own, or is the broadcast address, it hands the frame to the upper-layer protocol software, that is, the IP layer; otherwise the frame is discarded. This process is carried out for every frame that arrives at the network interface. However, when the host works in monitoring mode, all data frames are handed to the upper-layer protocol software for processing.

A vivid way to picture how a LAN works: a large room is like a shared channel, and each person in it is like a host. What people say are the packets, which spread everywhere in the room. When we speak to one particular person, everyone can hear. However, only the person whose name matches reacts to the words and processes them. The others hear the conversation too, and one can only guess from their blank looks whether they are listening in on it.

When hosts connected to the same cable or hub are logically divided into several subnets, a host in monitoring mode can also receive packets addressed to hosts that are not in its own subnet (those using a different mask, IP address, and gateway). In other words, all information transmitted on the same physical channel can be received.
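The receive check described above, modelled as an added example that is not part of the original post. The host addresses and the three frames are constructed, and the filter follows the two conditions the text gives (own address or broadcast); it never reads the IP header, which is why dividing a shared hub into subnets does not limit what a monitoring host receives.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, ethertype, payload):
    """Prepend the 14-byte Ethernet II header to an upper-layer payload."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload

def parse_header(frame):
    """Return (destination MAC, source MAC, EtherType) from a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])

def nic_accepts(frame, own_mac, monitoring=False):
    """Receive check from the text: pass the frame up only if it is
    addressed to this interface or to broadcast, unless monitoring mode
    is on. Only the 48-bit destination address is examined; the IP
    header, and so the subnet, plays no part in the decision."""
    dst, _src, _ethertype = parse_header(frame)
    return monitoring or dst == own_mac or dst == BROADCAST

# Constructed sample: three hosts on one hub (locally administered MACs).
HOST_A = mac("02:00:00:00:00:0a")
HOST_B = mac("02:00:00:00:00:0b")
HOST_C = mac("02:00:00:00:00:0c")
FRAMES = [
    build_frame(HOST_B, HOST_A, 0x0800, b"A to B, same subnet"),
    build_frame(BROADCAST, HOST_A, 0x0806, b"A to everyone"),
    build_frame(HOST_C, HOST_B, 0x0800, b"B to C"),
]

def passed_up(own_mac, monitoring):
    """Indexes of FRAMES that this interface hands to the IP layer."""
    return [i for i, f in enumerate(FRAMES)
            if nic_accepts(f, own_mac, monitoring)]

if __name__ == "__main__":
    print("C, normal mode:    ", passed_up(HOST_C, False))
    print("C, monitoring mode:", passed_up(HOST_C, True))
```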

Many people ask whether it is possible to monitor information transmitted by computers that are not on the same network segment. The answer is no: a computer can only monitor the packets that pass through its own network interface. Otherwise it would be possible to monitor the entire Internet, and what a terrible situation that would be.

To make a host work in monitoring mode, an I/O control command must be sent to the network interface to set it to monitoring mode. On UNIX systems, sending these commands requires super-user privileges. This restriction means that ordinary users on a UNIX system cannot monitor the network; only someone with super-user privileges can. On an Internet-connected Windows 95 machine, however, there is no such restriction: it is enough to run monitoring software of this kind. Such software is also easy to operate and strong at consolidating the information it captures.

At present the vast majority of computer networks use shared communication channels. From the discussion above, we know that a shared channel means a computer can receive information sent to another computer.

In addition, it should be noted that most of the protocols used on the Internet were designed early on, and many of their implementations rest on a very friendly footing in which the communicating parties fully trust each other. As a result, network security is still very fragile today. In a typical network environment, all of a user's information, including account and password information, is transmitted over the network in plaintext. For a hacker or network attacker, therefore, using network monitoring to obtain users' information is not very difficult. Anyone with a basic knowledge of networking and the TCP/IP protocols can easily extract the parts of interest from the monitored information.

Network monitoring often has to store a large amount of information and do a great deal of work organizing what it collects, so a machine that is monitoring responds very slowly to user requests.

First, network monitoring software consumes a large amount of processor time while it runs. If it also analyzed the contents of each packet in detail at that moment, many packets would arrive too fast to be received and would be missed. For this reason, monitoring software usually stores the captured packets in a file for later analysis.

Second, the packets on a network are extremely complex. Even when two hosts send and receive packets continuously, the capture will inevitably be interleaved with many packets exchanged by other hosts. Monitoring software that can group the packets of one TCP session together is already doing well. If the user also wants more detailed information sorted out, the packets need a great deal of protocol-specific analysis. Given how many protocols are in use on networks, such monitoring software would be huge.

In fact, finding such information is not a difficult task. By following certain patterns, the useful information can easily be extracted piece by piece.
