|
-
July 29th, 2003, 01:32 PM
#1
Member
sniffing
I heard that network sniffing can only be possible when we use a hub. When we use a switch, it processes the data packet and send it only to the destination connection. How this is possible?
Is there any way to find out whether my packets are being sniffed?
-
July 29th, 2003, 01:37 PM
#2
Re: sniffing
Originally posted here by Sun
I heard that network sniffing can only be possible when we use a hub. When we use a switch, it processes the data packet and send it only to the destination connection. How this is possible?
Is there any way to find out whether my packets are being sniffed?
Packet sniffing, in it's simplest form can only be done on a hub.
However with ARP cache poisoning it can be done accross switched networks:
http://www.antionline.com/showthread...hreadid=243986
http://www.antionline.com/showthread...hreadid=241711
These should give you some further ideas.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
July 29th, 2003, 01:46 PM
#3
Yes, and one tool that you can grab in order to play with ARP poisoning for a proof-of-concept is ETTERCAP.
Version 0.6.b is out and you can download it from here:
http://ettercap.sourceforge.net/
Note that you will need a *nix box, Mac OS-X or cygwin on your windows box to compile and run this.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 29th, 2003, 01:56 PM
#4
Member
Thanks Steve for the links. I must have been away from AO by the time those threads arrived.
I am afraid that from a public lan my passwords are not secure.
-
July 29th, 2003, 03:59 PM
#5
As long as your passwords are not transmitted in plaintext, they are fine.
You should only worry if you use alot of unencrypted protocols or ones that transmit the password in plaintext such as:
1. POP
2. HTTP Basic Auth
3. FTP
4. rsh
$person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
SecureVision
-
July 29th, 2003, 04:03 PM
#6
Originally posted here by Sun
I am afraid that from a public lan my passwords are not secure.
Yes.
It's not just the LAN you need to worry about, thought. From the LAN, your packets go out over some unknown path through the internet. The internet is just machines sending packets to each other, nothing magical there. It's possible that one or more of those machines may be compromised, and are looking through traffic for passwords.
To a large extent, your risk depends on how you're connected to the net, and how the machine on the other end is connected. For instance, if you're both hooked up directly to Cogent's backbone*, you're probably cool**. But if you're going through a public wireless hotspot hooked up to a cable modem to some machine that's routed through several countries and a few satellites, you can be sure that at least somebody is listening in, even if they don't care about your packets.
The only real solution is to use crypto. There's not really any reason to not support it these days. Most decent ISPs will give you SSL access to your email (at least via webmail), for instance.
* not an endorsement, it's just that I belive that they own their own backbone net and don't use 3rd parties for the last mile.
** Unless somebody has installed a tap in the fiber or something. Mmmm, Carnivore
-
July 29th, 2003, 06:04 PM
#7
Senior Member
i personally favour this tool for windows
http://analyzer.polito.it/install/default.htm
<--snip-->
Analyzer is a full configurable network analyzer program for Win32 environment. Analyzer is able to capture packets on all platforms (and link-layer technologies)
<--snap-->
free, lots of configuration possibillities
\"Knowledge is the Real Power\"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
