View previous topic :: View next topic |
Author |
Message |
squidly Trusted SF Member
Joined: 07 Oct 2002 Posts: 16777215 Location: Umm.. I dont know.. somewhere
|
Posted: Fri Jul 18, 2003 4:45 am Post subject: |
|
|
bsdjunkie wrote: |
Quote: |
if the sniffer is run on gateway or router ,you can receive other's password, if it is run on your OS, you can't |
Would you care to place a bet on that??? |
/me thinks telnet.. ftp.. web... AD
Ill take that bet that YOU CAN.
Hell I've done it! dsniff is a wonderfull suite of tools!.. speaking of which.. where did I put that list of passwords/logins? I wanna read someones hotmail account
|
|
Back to top |
|
|
s3cur3m3 Trusted SF Member
Joined: 19 Jun 2003 Posts: 16777202 Location: US
|
Posted: Fri Jul 18, 2003 5:45 am Post subject: |
|
|
On a switched network, the ports on the switch can be mirrored to duplicate the traffic of other ports. How this is done depends on the manufacturer of the switch. Also, if a hub is used, all you need to do is plug the machine with the sniffer into another port on the hub and sniff away. You will catch all traffic traveling through the hub since it broadcasts everything out of every port.
Very noisy things, those darn hubs...
|
|
Back to top |
|
|
bsdjunkie Trusted SF Member
Joined: 13 Jun 2003 Posts: 2
|
Posted: Fri Jul 18, 2003 5:50 am Post subject: |
|
|
can we say arp poisoning?
|
|
Back to top |
|
|
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
|
Posted: Fri Jul 18, 2003 6:12 am Post subject: |
|
|
So why is it so much easier to capture network data on a hub as oppossed to a router/switch?
|
|
Back to top |
|
|
s3cur3m3 Trusted SF Member
Joined: 19 Jun 2003 Posts: 16777202 Location: US
|
Posted: Fri Jul 18, 2003 6:18 am Post subject: |
|
|
Hubs are not "smart" devices. They do not learn what's attached to their ports. The result is: all traffic that comes into one of the ports is broadcast out of every other port to find the recipient. What does this mean? This means that any port on the hub will get copies of the data that was destined for one host connected to the hub. Yeah, I know, it takes all the fun out of it. ARP poisoning is much more interesting from what I've read. I haven't played with it yet, but intend to.
Happy sniffing.
|
|
Back to top |
|
|
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
|
Posted: Fri Jul 18, 2003 8:04 am Post subject: |
|
|
Doh!!! I knew that, lol....common sense. Sorry for even askin
So basically, hubs = insecure
|
|
Back to top |
|
|
vlad902 Just Arrived
Joined: 04 Jan 2003 Posts: 0
|
Posted: Sat Jul 19, 2003 7:16 am Post subject: |
|
|
Nothing is secure, hubs are fine for home networks or networks where you don't have worry about ARP poisoners, but it doesn't matter, ARP poisining is still possible on a switch (router should be no problem, never tried, never cared , it can probably be achieved easily though, I doubt they check wether the MAC adress is real).
|
|
Back to top |
|
|
|