Thread: catch&change

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    166

    catch&change

    Hello all, I have two questions: the first is "how can I catch some session (e.g. telnet) without being on the LAN?", and the second one is "how can I change the source address of packets that I send?"
    10x to everybody who can help me ... or just read this

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I read this!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If you are not on the same network segment as the traffic you are trying to capture then you can't do it from your box. If the traffic is routed across subnets you need to be on one of the segments at either end or any one in between. Basically, if your network card is not on a subnet through which the traffic passes then you will never be able to see it.

    If the network you are on, which carries the traffic you are trying to capture, is a switched network (rather than hubbed), you will not be able to capture it because the traffic will never be directed towards your network card.

    Are there ways around this? Yes. In a hubbed network install a sniffer on the network segment that the traffic will pass through that forwards the traffic to your box. On a switched network it's more difficult but you could either use ARP poisoning or DNS poisoning. In either case your box, (or your sniffing box you installed on the switched network), would have to be set up to log and forward the packets and then re-forward them to their correct destination or the conversation between the two machines would never take place.

    IP spoofing is possible..... How you try to use it and whether it would work would depend on what you are trying to do, how well you have planned the exercise and your knowledge of TCP/IP.

    I trust you have no intention of using such knowledge in an immoral or unethical way!
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    On a switched network try learning DSNIFF and its toolset. It comes with ARPSPOOF and you can perform a man-in-the-middle attack... (i.e. you will be spoofing the sender's IP). You can modify the payload of the packets and forward them to the receiver. Just a thought..

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Ah.. Social Engineering is still the best way to hack...
    -Simon "SDK"

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I would suggest learning more about TCP/IP before even attempting any of the more 'advanced' tricks. If you don't you'll be nothing more than a scriptkiddie. Everyone knows we already have enough of those.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Just to add to what Tiger Shark and meloncholy were saying about the switched networks.

    They gave you two methods and tools that will allow you to sniff a switched network.

    If you have managed switches, you can configure a port to mirror other ports.
    It will still have its switching capability, but all or the specified ports will be mirrored to one port (or more) of your choice where you can have your NIC sniffing.

    This is referred to as port spanning or port mirroring? (At least I think...)

    The ARPSPOOF that they are talking about will effectively turn your switch into a hub, thus slowing down your network because of all the traffic all over the place.

    ARPSPOOF can also be done with ettercap.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
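
Seen from the defending side, the ARP poisoning discussed in this thread leaves a visible trace on the segment: an IP address suddenly answers from a different MAC, and one MAC starts claiming several IPs. The following is an added example, not part of any post in the thread; the function name, alert labels and all sample addresses are constructed for illustration.

```python
"""Flag likely ARP-cache poisoning from a stream of observed ARP replies."""
from collections import defaultdict

# Constructed sample observations: (seconds, sender IP, sender MAC).
SAMPLE = [
    (0, "192.168.1.1", "00:11:22:33:44:01"),    # gateway
    (1, "192.168.1.20", "00:11:22:33:44:20"),   # workstation
    (2, "192.168.1.66", "00:11:22:33:44:66"),   # third host
    (30, "192.168.1.1", "00:11:22:33:44:66"),   # gateway IP now claimed by .66's MAC
    (31, "192.168.1.20", "00:11:22:33:44:66"),  # workstation IP claimed as well
    (32, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway answers again
]


def detect_arp_poisoning(observations, pinned=None):
    """Return alerts as (time, kind, ip, mac) tuples.

    pinned: optional dict of known-good ip -> mac bindings (e.g. the gateway).
    Pinned bindings are never overwritten by what is seen on the wire.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = dict(pinned)
    mac_to_ips = defaultdict(set)
    for ip, mac in pinned.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip]:
            alerts.append((ts, "pinned-mismatch", ip, mac))
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            # Also fires on DHCP reassignment; repeated flapping is the signal.
            alerts.append((ts, "binding-changed", ip, mac))
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                # Routers doing proxy ARP and hosts with IP aliases do this
                # legitimately; allow-list those MACs in real use.
                alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
        if ip not in pinned:
            ip_to_mac[ip] = mac  # track the latest binding so flapping is seen
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE, pinned={"192.168.1.1": "00:11:22:33:44:01"}):
        print(alert)
```

Pinning the gateway's binding here mirrors what a static ARP entry does on a host: the forged reply is reported instead of silently replacing the real mapping.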
