January 16th, 2004, 12:46 PM
Hello all, I have two questions: the first is "how can I catch some session (e.g. telnet) without being in the LAN?", and the second one is "how can I change the source address of packets that I send?"
10x to everybody who can help me ... or just read this
January 16th, 2004, 12:59 PM
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
January 16th, 2004, 01:07 PM
If you are not on the same network segment as the traffic you are trying to capture then you can't do it from your box. If the traffic is routed across subnets you need to be on one of the segments at either end or any one in between. Basically, if your network card is not on a subnet through which the traffic passes then you will never be able to see it.
If the network you are on that carries the traffic you are trying to capture is a switched network (rather than hubbed), you will not be able to capture it because the traffic will never be directed towards your network card.
Are there ways around this? Yes. In a hubbed network install a sniffer on the network segment that the traffic will pass through that forwards the traffic to your box. On a switched network it's more difficult but you could either use ARP poisoning or DNS poisoning. In either case your box, (or your sniffing box you installed on the switched network), would have to be set up to log and forward the packets and then re-forward them to their correct destination or the conversation between the two machines would never take place.
IP spoofing is possible..... How you try to use it and whether it would work would depend on what you are trying to do, how well you have planned the exercise and your knowledge of TCP/IP.
I trust you have no intention of using such knowledge in an immoral or unethical way!
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
January 16th, 2004, 01:50 PM
On a switched network try learning DSNIFF and its toolset. It comes with ARPSPOOF and you can perform a man-in-the-middle attack... (i.e. you will be spoofing the sender's IP). You can modify the payload of the packets and forward them to the receiver. Just a thought..
January 16th, 2004, 01:52 PM
Ah.. Social Engineering is still the best way to hack...
January 16th, 2004, 01:57 PM
I would suggest learning more about TCP/IP before even attempting any of the more 'advanced' tricks. If you don't, you'll be nothing more than a script kiddie. Everyone knows we already have enough of those.
Experience is something you don't get until just after you need it.
January 16th, 2004, 02:02 PM
Just to add to what Tiger Shark and meloncholy were saying about the switched networks.
They gave you two methods and tools that will allow you to sniff a switched network.
If you have managed switches, you can configure a port to mirror other ports.
It will still have its switching capability, but all or the specified ports will be mirrored to one port (or more) of your choice where you can have your NIC sniffing.
This is referred to as port spanning or port mirroring? (At least I think...)
The ARPSPOOF that they are talking about will effectively turn your switch into a hub, thus slowing down your network because of all the traffic all over the place.
ARPSPOOF can also be done with ettercap.
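The ARP poisoning discussed in this thread changes the IP-to-MAC binding that other hosts hold, which a monitoring host (for example one on a mirrored port) can watch for. The following is an added example, not part of any post in the thread: a small detector that parses ARP frames and flags an IP address whose MAC changes. The frames, addresses and function names are constructed for illustration.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[6:12]), _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Flag ARP frames that contradict the first binding seen for an IP."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, eth_src, sender_mac, sender_ip = parsed
        if eth_src != sender_mac:                 # ARP payload disagrees with the frame header
            alerts.append((n, "header-mismatch", sender_ip, sender_mac))
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:                   # keep the first binding so repeats keep alerting
            alerts.append((n, "binding-changed", sender_ip, sender_mac))
    return alerts

def _frame(eth_src, sender_mac, sender_ip, target_mac, target_ip, op=2):
    """Build a constructed 42-byte ARP frame for the sample data (never sent anywhere)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    return (m(target_mac) + m(eth_src) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sender_mac) + i(sender_ip) + m(target_mac) + i(target_ip))

GW, HOST, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:66"
SAMPLE_FRAMES = [                                  # constructed capture, private addresses
    _frame(GW, GW, "192.168.1.1", HOST, "192.168.1.10"),        # genuine gateway reply
    _frame(OTHER, OTHER, "192.168.1.66", HOST, "192.168.1.10"), # host announcing its own IP
    _frame(OTHER, OTHER, "192.168.1.1", HOST, "192.168.1.10"),  # gateway IP now claimed by another MAC
    b"\x00" * 60,                                               # non-ARP frame, ignored
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_FRAMES):
        print(alert)
```

A changed binding can also be legitimate (a replaced NIC, a failover pair), so an alert is a prompt to check the switch port for that MAC rather than proof of poisoning.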