• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Who can recommend a program to capture network data

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page Previous  1, 2
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software

View previous topic :: View next topic  
Author Message
squidly
Trusted SF Member
Trusted SF Member


Joined: 07 Oct 2002
Posts: 16777215
Location: Umm.. I dont know.. somewhere

Offline

PostPosted: Fri Jul 18, 2003 4:45 am    Post subject: Reply with quote

bsdjunkie wrote:
Quote:
if the sniffer is run on gateway or router ,you can receive other's password, if it is run on your OS, you can't


Would you care to place a bet on that??? Twisted Evil Cool



/me thinks telnet.. ftp.. web... AD

Ill take that bet that YOU CAN.

Hell I've done it! dsniff is a wonderfull suite of tools!.. speaking of which.. where did I put that list of passwords/logins? I wanna read someones hotmail account Smile
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
s3cur3m3
Trusted SF Member
Trusted SF Member


Joined: 19 Jun 2003
Posts: 16777202
Location: US

Offline

PostPosted: Fri Jul 18, 2003 5:45 am    Post subject: Reply with quote

On a switched network, the ports on the switch can be mirrored to duplicate the traffic of other ports. How this is done depends on the manufacturer of the switch. Also, if a hub is used, all you need to do is plug the machine with the sniffer into another port on the hub and sniff away. You will catch all traffic traveling through the hub since it broadcasts everything out of every port.

Very noisy things, those darn hubs... Confused
Back to top
View user's profile Send private message
bsdjunkie
Trusted SF Member
Trusted SF Member


Joined: 13 Jun 2003
Posts: 2


Offline

PostPosted: Fri Jul 18, 2003 5:50 am    Post subject: Reply with quote

can we say arp poisoning? Razz
Back to top
View user's profile Send private message
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Fri Jul 18, 2003 6:12 am    Post subject: Reply with quote

So why is it so much easier to capture network data on a hub as oppossed to a router/switch?
Back to top
View user's profile Send private message
s3cur3m3
Trusted SF Member
Trusted SF Member


Joined: 19 Jun 2003
Posts: 16777202
Location: US

Offline

PostPosted: Fri Jul 18, 2003 6:18 am    Post subject: Reply with quote

Hubs are not "smart" devices. They do not learn what's attached to their ports. The result is: all traffic that comes into one of the ports is broadcast out of every other port to find the recipient. What does this mean? This means that any port on the hub will get copies of the data that was destined for one host connected to the hub. Yeah, I know, it takes all the fun out of it. ARP poisoning is much more interesting from what I've read. I haven't played with it yet, but intend to.


Happy sniffing. Wink
Back to top
View user's profile Send private message
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Fri Jul 18, 2003 8:04 am    Post subject: Reply with quote

Doh!!! I knew that, lol....common sense. Sorry for even askin Wink
So basically, hubs = insecure
Back to top
View user's profile Send private message
vlad902
Just Arrived
Just Arrived


Joined: 04 Jan 2003
Posts: 0


Offline

PostPosted: Sat Jul 19, 2003 7:16 am    Post subject: Reply with quote

Nothing is secure, hubs are fine for home networks or networks where you don't have worry about ARP poisoners, but it doesn't matter, ARP poisining is still possible on a switch (router should be no problem, never tried, never cared Smile, it can probably be achieved easily though, I doubt they check wether the MAC adress is real).
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software All times are GMT + 2 Hours
Goto page Previous  1, 2
Page 2 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register