Network Scanning


Bladez
06-19-2003, 11:42 PM
OK, I have been fooling around with NetCat and Tethereal. What I have been trying to figure out is how to scan incoming and outgoing information from an IP within my local LAN.

So I am on 192.168.1.1 and machine 192.168.1.2 is online doing something. 192.168.1.1 is a Linux box, and 192.168.1.2 is a Win98 box.

Tethereal will scan incoming and outgoing traffic on my NIC for the Linux box. How can I get that, or something else, to scan the same stuff but on the 192.168.1.2 box?

sploo22
06-20-2003, 12:33 PM
As long as the program puts your network card into "promiscuous mode" it will scan all traffic on your LAN, whether or not it is addressed to your computer. Tcpdump and tcpflow are two programs that do this automatically.

Once the card is in promiscuous mode, you can just set up a filter to show only traffic from or to the specified computer. Never having used NetCat or Tethereal, I have no idea how they work, but for tcp(dump|flow) it's very simple once you read the man page.

I hope you're not planning anything illegal ;)
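The filter sploo22 describes is tcpdump's `host` primitive, e.g. `tcpdump -i eth0 -n host 192.168.1.2` (`src host` / `dst host` restrict it to one direction; tcpdump opens the interface in promiscuous mode unless you pass `-p`, and tethereal accepts the same capture-filter syntax). The block below is an added example, not code from the thread or from tcpdump: it reimplements that filter offline over raw Ethernet/IPv4 frames so you can see exactly what `host`, `src host` and `dst host` match. The frames, MAC addresses and payloads are constructed for the example.

```python
"""Offline equivalent of tcpdump's `host`, `src host` and `dst host` filters.

Added example, not code from the thread or from tcpdump/tethereal. The frames at
the bottom are constructed by hand; MACs and payloads are made up."""
import socket
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def _mac(mac_str):
    return bytes.fromhex(mac_str.replace(":", ""))


def build_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, proto=6, payload=b""):
    """Minimal Ethernet + IPv4 frame used as test input (no options, checksum 0)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth_hdr = _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + payload


def parse_frame(frame):
    """Return MACs, ethertype and (for IPv4) src/dst IPs; None if the frame is truncated."""
    if len(frame) < ETH_HDR_LEN:
        return None
    info = {
        "dst_mac": frame[0:6].hex(":"),
        "src_mac": frame[6:12].hex(":"),
        "ethertype": struct.unpack("!H", frame[12:14])[0],
        "src_ip": None,
        "dst_ip": None,
    }
    if info["ethertype"] == ETHERTYPE_IPV4 and len(frame) >= ETH_HDR_LEN + 20:
        ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4          # header length in bytes
        if ihl >= 20 and len(frame) >= ETH_HDR_LEN + ihl:
            info["src_ip"] = socket.inet_ntoa(frame[26:30])
            info["dst_ip"] = socket.inet_ntoa(frame[30:34])
    return info


def host_filter(frames, host, direction="host"):
    """Keep frames matching `host HOST`, `src host HOST` or `dst host HOST`.
    Non-IPv4 frames (e.g. ARP) never match an IP filter, just as in BPF."""
    kept = []
    for frame in frames:
        p = parse_frame(frame)
        if p is None or p["src_ip"] is None:
            continue
        if direction == "host":
            match = host in (p["src_ip"], p["dst_ip"])
        elif direction == "src":
            match = p["src_ip"] == host
        elif direction == "dst":
            match = p["dst_ip"] == host
        else:
            raise ValueError("direction must be host, src or dst")
        if match:
            kept.append(p)
    return kept


# Constructed sample capture: the thread's Linux box (.1), Win98 box (.2) and a
# third host (.5), plus one broadcast ARP frame that an IP filter must ignore.
LINUX_MAC, WIN98_MAC, OTHER_MAC = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:05"
SAMPLE_FRAMES = [
    build_ipv4_frame(WIN98_MAC, LINUX_MAC, "192.168.1.2", "192.168.1.1", payload=b"GET / HTTP/1.0\r\n"),
    build_ipv4_frame(LINUX_MAC, WIN98_MAC, "192.168.1.1", "192.168.1.2", payload=b"HTTP/1.0 200 OK\r\n"),
    build_ipv4_frame(OTHER_MAC, LINUX_MAC, "192.168.1.5", "192.168.1.1", proto=17),
    _mac("ff:ff:ff:ff:ff:ff") + _mac(WIN98_MAC) + struct.pack("!H", ETHERTYPE_ARP) + bytes(28),
]

if __name__ == "__main__":
    for p in host_filter(SAMPLE_FRAMES, "192.168.1.2"):
        print(p["src_ip"], "->", p["dst_ip"])
```

Note what the filter does not do: it only decides which frames you see, not which frames reach your card. On a hub every frame above arrives at the Linux box's NIC; whether a switch delivers the .2 <-> .1 frames to a third port is the question Gertrude's reply takes up.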

Gertrude
06-21-2003, 02:18 PM
If you are on a switch then you can't just sniff packets that another computer is transmitting. Switches are smart enough not to broadcast everything out to all ports like a hub would. The switch will only send packets to the destination port on the switch that is associated with the MAC address the data is supposed to be transmitted to. A hub, however, will just send it out to all ports on the hub, and whoever has the MAC address that is supposed to get the data says "I'll take that packet" while everyone else on the hub looks at the packet, says "that is not for me" and drops it. So, on to the good stuff: if you are on a switch, here is how you can still sniff the packets.

There is an application called Hunt.

http://lin.fsid.cvut.cz/~kra/index.html

Hunt is a lot smarter than tcpdump or any other packet sniffer that just dumps raw data. It is also capable of session hijacking (which should only be used for experimental purposes). What Hunt can do is trick other computers and poison their ARP caches so that they think they should be sending data to you (your port on the switch) instead of to the host they were talking to. Hunt then acts almost like a relay station: data from their computer is transmitted to your MAC address/port on the switch, allowing you to sniff it and then pass it along to the port where it should have gone in the first place.

As said before EXPERIMENTAL USE ONLY. Don't do anything stupid.
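To make Gertrude's description concrete, here is an added example (not Hunt's code and not from the thread) of the frame an ARP-cache poisoner sends and of the check a defender runs against it. A poisoned "is-at" reply carries the attacker's MAC as the ARP sender hardware address but the gateway's IP as the sender protocol address; the victim's stack updates its cache from that pair and starts forwarding through the attacker. The detector is an arpwatch-style table that remembers the first MAC seen for each IP and flags any later frame that claims the same IP with a different MAC. All MAC addresses, IPs and frames below are constructed for the example.

```python
"""ARP-cache poisoning: what the spoofed reply looks like, and a detector for it.

Added example, not from the thread and not Hunt's code. MACs/IPs are made up."""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(mac_str):
    return bytes.fromhex(mac_str.replace(":", ""))


def _ip(ip_str):
    return bytes(int(o) for o in ip_str.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet + ARP (htype 1, ptype IPv4). A poisoner sends op=2 with its own MAC
    as sender_mac and the victim's gateway IP as sender_ip, unicast to the victim."""
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/ARP frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "eth_src": frame[6:12].hex(":"),
        "sender_mac": frame[22:28].hex(":"),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
        "target_mac": frame[32:38].hex(":"),
        "target_ip": ".".join(str(b) for b in frame[38:42]),
    }


class ArpWatch:
    """First-seen IP->MAC table. feed() returns an alert tuple (ip, old_mac, new_mac)
    when an IP is re-announced with a different MAC, otherwise None."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def feed(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return None
        # Both requests and replies announce the sender's IP->MAC binding.
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
            return None
        if known != mac:
            alert = (ip, known, mac)
            self.alerts.append(alert)
            return alert
        return None


# Constructed traffic for the thread's LAN: gateway .1, Win98 victim .2, attacker .9.
GW_MAC, VICTIM_MAC, ATTACKER_MAC = "00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:99"
LEGIT_REPLY = build_arp(ARP_REPLY, GW_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.2")
POISON_REPLY = build_arp(ARP_REPLY, ATTACKER_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.2")
# A bare IPv4 frame: parse_arp() must ignore it rather than misread the fields.
NON_ARP = _mac(GW_MAC) + _mac(VICTIM_MAC) + struct.pack("!H", 0x0800) + bytes(20)

if __name__ == "__main__":
    w = ArpWatch()
    for f in (LEGIT_REPLY, NON_ARP, POISON_REPLY):
        alert = w.feed(f)
        if alert:
            print("ARP poisoning suspected: %s moved from %s to %s" % alert)
```

The caveat a practitioner wants: a first-seen table also fires on legitimate events (a replaced NIC, a DHCP lease handed to a different machine), so treat an alert as something to confirm, for instance by checking which switch port the new MAC is learned on, rather than as proof of an attack. The frame format, on the other hand, is exact: the only difference between LEGIT_REPLY and POISON_REPLY is the sender hardware address, which is all a victim's cache looks at.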