Snnifers...Possible to read the data
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Snnifers...Possible to read the data

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    159

    Snnifers...Possible to read the data

    Hi,

    I have often heard people using sniffers to get info abt the packets travelling over the network..

    I tried once with a Packet sniifer..... But when it started capturing packets.... there was not much i could make out of it....

    I did get info abt packet ids and how they are generated.. But again I dont know how it can help the potential hacker.....

    But does sniffers give out the information abt the data travelling ???

    Does this have anything to do with Session Hacking.. Could be hack a session by knowing info abt packer travelling on the network....

    Shall appreciate your comments for the same.....

    Regards

    kalp

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    The reason you couldnt make out anything from the packets is that they probably didnt contain plain text so you could have been looking at any type of data.

    Sniffers can help a hacker find out usernames and passwords travelling across the network if he can recognize it in the packet. They can also help with session hijacking (wont go into that)

    From what i know the only info a packet sniffer can give you about the packets it recieves deals with the packets and not the data within.

    Hope this helped a bit
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    I'll just add a comment to Darksnake post:
    Sniffer are very useful to decode protocols behaviour. Even for high layer such as FTP, HTTP, ...
    I ind sniffer very useful for:
    - watching an attack in real time & keep traces
    - understand how a protocol works as a helper to papers such as RFC that are smtimes unreadable.
    [shadow] SHARING KNOWLEDGE[/shadow]

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Thanx darksnake,

    yeah I also noticed the same fact that you get all lot of host info abt the packets and its destination....

    But I was curious to know how a potential hacker could use the packet info to launch any destructive attack using the above info......

    Regards

    Kalp

    Hi networker..

    Is it that we can know from where are the packets been generated at the time of attack,,, but the same information can also be traced by my firewall.... then why do we need to use packet sniffers....

    One reason i found was during initial implementation of firewall.. where u run packet sniffer to study the traffic and determine which ports / services needs to activated and vice versa


    Regards

    Kalp
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  5. #5
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Originally posted here by anjali

    Hi networker..

    Is it that we can know from where are the packets been generated at the time of attack,,, but the same information can also be traced by my firewall.... then why do we need to use packet sniffers....
    For a very simple reason: The firewall is rule based and will log only drp traffic it has been config for!!!
    But what about flows passing through the firewall...

    Firewalls are not the magic box vendors want to convince us. frw does not guaranty security, it's just a tool that plays its role into security policy.
    [shadow] SHARING KNOWLEDGE[/shadow]

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Networker in that case... where should you place ur snnifer.....

    I understand that it can only monitor the segment where it is place..... Now in corporate with many VLANS... would u need to have multiple sniffers on individual LAN segment ???

    Can it be a part of ur router.... where all incoming requestes are sniffed....

    Does sniffer have any impact on network (eg . Nwork congestion etc.)

    Many thanks networker for sharing above info.... I always wanted to know abt real use of sniffers.... This is clearing some of my doubts....

    Regards

    Kalp
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    anjali: Here's a real example of how I use a packet sniffer on an almost daliy basis. In this case I have a user running Outlook who tells me that she can't get her POP3 mail and Outlook keeps erroring out saying "cannot contact POP3 server XXX.XXX.XXX.XXX" Once the normal troubleshooting process has been gone through and the error remains I pull out the old Ethereal, (packet sniffer) and tell it to sniff packets from her machine to anywhere that are destined for port 110, (POP3) and ask her to initiate a mail send/receive.

    The things i will learn from this are:-

    1. Her machine is generating packets/or not
    2. her packets are being routed correctly to this network
    3. those packets are destined for the right server and port
    4. is the server responding appropriately
    (since POP3 transmissions are in plain text)
    5. is her mailbox name properly spelled
    6. is her password properly spelled
    7. what the unseen error message is that the server sends if any, (in this case "unknown user")

    Odd because the user has an account, she is spelling it correctly and the password is also correct. However, I know from experience that my mailserver does this from time to time and the account needs to be deleted and recreated. I do that having copied any outstanding amail aside and replacing it after the recreation and Bingo.... she's back in business....

    Packet sniffers are great tools and if you spend the time to learn TCP/IP flows etc and baseline some of the traffic on your network so you know what a good traffic flow for a protocol is then it can really help you see what is going on if things are not right.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    159
    tiger shark....

    Thanks dear indeed that was an excellent piece of info.......

    I didn't knew u could use sniffers for such purpose... Agreed you need to know and understand TCP very well to make any meaningful judgement from a Sniffer....

    I feel it is also essential to know Networking thoroughly...becasue the palcement of firewall is very imp. I tried one sniffer software.. it was hardly able to grab 14 packets in one hour....

    Could u tell why only few packets were captured... I had installed the same on my Work PC.... which is connected to the switch....

    I thought i would be able to monitor the complete vlan.. but i feel i was only able to hear few on packets generated from my pc only....

    Thanx
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  9. #9
    Member
    Join Date
    Nov 2002
    Posts
    80
    anjali, one reason there might be that you are connected to a switch and not a hub.
    I asume you weren't doing anything at the time as even for one PC 14 packets in an hour sounds a little low.

    With a hub any packets that it recieves it broadcasts to all the computers connected to it. So with a sniffer you can see everything being sent to everyone on your bit of the network.

    With a switch, when a packet is recieved it is only sent to host identified and not just broadcast, I think this is done by using the MAC (hardware) address of the destination network card. So if the sniffer is running on your PC and you are connected to a switch you will see only the packets desitined for your PC or those sent from your PC.

    ps <quote>I had installed the same on my Work PC</quote> are you the admin as this will likely upset them.

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    159
    exactly waverebel....

    I did mention that I connect to a switch...

    In that case how can i still sniff the packets as mentioned by tigershark in his previous post.....

    Yeah I was amazed at such low packets been caught.. But i was doing lot of activities.. but lot of packets were lost.. maybe it was my first try at sniffers.. so i thought i must have missed some settings....

    Regards

    kalp
    ****** Any man who knows all the answers most likely misunderstood the questions *****

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •