sniffing
Results 1 to 7 of 7

Thread: sniffing

  1. #1
    Member
    Join Date
    Dec 2002
    Posts
    58

    sniffing

    I heard that network sniffing can only be possible when we use a hub. When we use a switch, it processes the data packet and send it only to the destination connection. How this is possible?

    Is there any way to find out whether my packets are being sniffed?
    God is Love

  2. #2
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018

    Re: sniffing

    Originally posted here by Sun
    I heard that network sniffing can only be possible when we use a hub. When we use a switch, it processes the data packet and send it only to the destination connection. How this is possible?

    Is there any way to find out whether my packets are being sniffed?
    Packet sniffing, in it's simplest form can only be done on a hub.

    However with ARP cache poisoning it can be done accross switched networks:

    http://www.antionline.com/showthread...hreadid=243986

    http://www.antionline.com/showthread...hreadid=241711

    These should give you some further ideas.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Yes, and one tool that you can grab in order to play with ARP poisoning for a proof-of-concept is ETTERCAP.

    Version 0.6.b is out and you can download it from here:
    http://ettercap.sourceforge.net/

    Note that you will need a *nix box, Mac OS-X or cygwin on your windows box to compile and run this.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Member
    Join Date
    Dec 2002
    Posts
    58
    Thanks Steve for the links. I must have been away from AO by the time those threads arrived.

    I am afraid that from a public lan my passwords are not secure.
    God is Love

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    As long as your passwords are not transmitted in plaintext, they are fine.

    You should only worry if you use alot of unencrypted protocols or ones that transmit the password in plaintext such as:

    1. POP
    2. HTTP Basic Auth
    3. FTP
    4. rsh
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    Originally posted here by Sun
    I am afraid that from a public lan my passwords are not secure.
    Yes.

    It's not just the LAN you need to worry about, thought. From the LAN, your packets go out over some unknown path through the internet. The internet is just machines sending packets to each other, nothing magical there. It's possible that one or more of those machines may be compromised, and are looking through traffic for passwords.

    To a large extent, your risk depends on how you're connected to the net, and how the machine on the other end is connected. For instance, if you're both hooked up directly to Cogent's backbone*, you're probably cool**. But if you're going through a public wireless hotspot hooked up to a cable modem to some machine that's routed through several countries and a few satellites, you can be sure that at least somebody is listening in, even if they don't care about your packets.

    The only real solution is to use crypto. There's not really any reason to not support it these days. Most decent ISPs will give you SSL access to your email (at least via webmail), for instance.

    * not an endorsement, it's just that I belive that they own their own backbone net and don't use 3rd parties for the last mile.
    ** Unless somebody has installed a tap in the fiber or something. Mmmm, Carnivore

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    100
    i personally favour this tool for windows
    http://analyzer.polito.it/install/default.htm
    <--snip-->
    Analyzer is a full configurable network analyzer program for Win32 environment. Analyzer is able to capture packets on all platforms (and link-layer technologies)
    <--snap-->

    free, lots of configuration possibillities
    \"Knowledge is the Real Power\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •