Printable View
Hello all, I have two question: the first is "how can I catch some session(ex. telnet), without to be in the LAN?", and second one is "how can I change the source address of packets that I send?"
10x to everybody who can help me ... or just read this :)
i read this !
If you are not on the same network segment as the traffic you are trying to capture then you can't do it from your box. If the traffic is routed across subnets you need to be on one of the segments at either end or any one in between. Basically, if your network card is not on a subnet through which the traffic passes then you will never be able to see it.
If the network you are on carries the traffic you are trying to capture is a switched network, (rather then hubbed), you will not be able to capture it because the traffic will never be directed towards your network card.
Are there ways around this? Yes. In a hubbed network install a sniffer on the network segment that the traffic will pass through that forwards the traffic to your box. On a switched network it's more difficult but you could either use ARP poisoning or DNS poisoning. In either case your box, (or your sniffing box you installed on the switched network), would have to be set up to log and forward the packets and then re-forward them to their correct destination or the conversation between the two machines would never take place.
IP spoofing is possible..... How you try to use it and whether it would work would depend on what you are trying to do, how well you have planned the exercise and your knowledge of TCP/IP.
I trust you have no intention of using such knowledge in an immoral or unethical way!
On a switched network try learning DSNIFF and its toolset. It comes with ARPSPOOF and you can perform a man in the middle attack...(ie you will be spoofing the senders IP). You can modify the payload of the packets and forward them to the receiver. Just a thought..
Ah.. Social Engineering is still the best way to hack... :)
I would suggest learning more about TCP/IP before even attempting any of the more 'advanced' tricks. If you don't you'll be nothing more then a scriptkiddie. Everyone knows we already have enough of those.
Just to add to what Tiger Shark and meloncholy were saying about the switched networks.
They gave you two methods and tools that will allow you to sniff a switched network.
If you have managed switches, you can configure a port to mirror other ports.
It will still have its switching capability, but all or the specified ports will be mirrored to one port (or more) of your choice where you can have your NIC sniffing.
This is referred to as port spanning or port mirroring? (At least I think...)
The ARPSPOOF that they are talking about will effectively turn your switch into a hub, thus slowing down your network because of all the traffic all over the place.
ARPSPOOF can also be done with ettercap.