Announcement

**EeeekPenguins** · May 22, 2003, 07:23

One make sure you are entering your passwords on encrypted sites.

Oh and thanks for the IP :D.

**SyntaX** · May 22, 2003, 07:26

That was an example IP ;)

And what u tried to tell me?

**skroo** · May 24, 2003, 18:31

One possibility...

Originally posted by SyntaX
Because when im in my network than its easy to understand how it work (because the packets in your network are send to every computer), but when i listen to a other computer whos not located in my network, than i want to know how i get the packets?!?! How can that be? How can that work?

It depends on the route between your machine and their machine. You need to be at a point suitably close to the remote machine (from a route topology perspective) to be able to capture the traffic to and from that box.

As an example, here's a traceroute (well, tracert, since I'm in Windows right now) from my home box to www.yahoo.com to help illustrate this. I've chopped it down a bit for brevity:

1 <10 ms 10 ms <10 ms firewall.skroo.net [10.0.0.1]
(snippage...)
13 20 ms 20 ms 30 ms p3-04-00-00.p0.sjc90.adelphiacom.net [66.109.3.1
97]
14 20 ms 30 ms 20 ms 66.170.128.150
15 20 ms 30 ms 20 ms vl28.bas1.scd.yahoo.com [216.115.101.42]
16 20 ms 30 ms 30 ms w7.scd.yahoo.com [66.218.71.86]

OK. Look at hop 13. This is where I start to head off of my cable modem provider's network and towards Yahoo's. The next two hops after that are what are important here: 66.170.128.150 hands off to 216.115.101.42. The fact that these are two entirely disparate networks suggests that there is possibly some sort of virtual route between them. Therefore, you would have to get on to the device at hop 14 (66.170.128.150), figure out how it talks to the device in hop 15 (216.115.101.42), and how to reach the hop 15 device.

From there, work out how the server at hop 16 (66.218.71.86) is connected to the device at hop 15, and run pcap on that device (I'm assuming it's Cisco) to grab the traffic destined for the box at hop 16. Export your capture and visualise / sift through at your leisure.

He is not in my network, so my computer should not send packets to his computer.
How does that work, that he get my packets????

Most likely, he's at a point directly on the route between your network and gmx.at's network. If you're on a cable or DSL modem, there're probably a half-dozen people on your segment all doing traffic captures - and if you're not encrypting that traffic, no effort at all is needed to see your username, password, email text, etc.

**democow** · May 25, 2003, 15:08

you may want to look into ettercap.. http://ettercap.sourceforge.net it has some nice network maping functions and mim features you would be intrested in checking out

**skroo** · May 26, 2003, 11:41

Originally posted by democow
you may want to look into ettercap.. http://ettercap.sourceforge.net it has some nice network maping functions and mim features you would be intrested in checking out

ettercap's cool. The only problem with it is that it's inconsistent in its success: some switches go batshit when it does its ARP juju; others do nothing. When it works, though, it works great. Sort of like an Italian car.

**democow** · May 26, 2003, 17:18

nah, italian cars always perfectly.. they exist for one reason to stand still in your driveway so your freinds and fam. know that you are better then them.... a better comparsion would be italian women.. once they shut up its all good

Announcement

Question about Packet sniffing!

Question about Packet sniffing!

Comment

Comment

Comment

Comment

Comment

Comment