
Question about Packet sniffing!


  • democow
    replied
    nah, Italian cars always perfectly.. they exist for one reason to stand still in your driveway so your friends and fam. know that you are better than them.... a better comparison would be Italian women.. once they shut up it's all good



  • skroo
    replied
    Originally posted by democow
    You may want to look into ettercap.. http://ettercap.sourceforge.net it has some nice network mapping functions and mim features you would be interested in checking out
    ettercap's cool. The only problem with it is that it's inconsistent in its success: some switches go batshit when it does its ARP juju; others do nothing. When it works, though, it works great. Sort of like an Italian car.



  • democow
    replied
    You may want to look into ettercap.. http://ettercap.sourceforge.net it has some nice network mapping functions and mim features you would be interested in checking out



  • skroo
    replied
    One possibility...

    Originally posted by SyntaX
    Because when I'm in my network then it's easy to understand how it works (because the packets in your network are sent to every computer), but when I listen to another computer that's not located in my network, then I want to know how I get the packets?!?! How can that be? How can that work?
    It depends on the route between your machine and their machine. You need to be at a point suitably close to the remote machine (from a route topology perspective) to be able to capture the traffic to and from that box.

    As an example, here's a traceroute (well, tracert, since I'm in Windows right now) from my home box to www.yahoo.com to help illustrate this. I've chopped it down a bit for brevity:

    1 <10 ms 10 ms <10 ms firewall.skroo.net [10.0.0.1]
    (snippage...)
    13 20 ms 20 ms 30 ms p3-04-00-00.p0.sjc90.adelphiacom.net [66.109.3.197]
    14 20 ms 30 ms 20 ms 66.170.128.150
    15 20 ms 30 ms 20 ms vl28.bas1.scd.yahoo.com [216.115.101.42]
    16 20 ms 30 ms 30 ms w7.scd.yahoo.com [66.218.71.86]

    OK. Look at hop 13. This is where I start to head off of my cable modem provider's network and towards Yahoo's. The next two hops after that are what are important here: 66.170.128.150 hands off to 216.115.101.42. The fact that these are two entirely disparate networks suggests that there is possibly some sort of virtual route between them. Therefore, you would have to get on to the device at hop 14 (66.170.128.150), figure out how it talks to the device in hop 15 (216.115.101.42), and how to reach the hop 15 device.

    From there, work out how the server at hop 16 (66.218.71.86) is connected to the device at hop 15, and run pcap on that device (I'm assuming it's Cisco) to grab the traffic destined for the box at hop 16. Export your capture and visualise / sift through at your leisure.


    He is not in my network, so my computer should not send packets to his computer.
    How does that work, that he gets my packets????
    Most likely, he's at a point directly on the route between your network and gmx.at's network. If you're on a cable or DSL modem, there're probably a half-dozen people on your segment all doing traffic captures - and if you're not encrypting that traffic, no effort at all is needed to see your username, password, email text, etc.
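
Added example, not part of skroo's post: a Python sketch that parses the tracert output quoted in the post and lists where adjacent hops change operator, which is where traffic passes from one party's equipment to another's and where anything unencrypted is readable. The function names and the `operator` heuristic (last two DNS labels, `unknown` when a hop has no reverse DNS) are assumptions made for this example.

```python
import re

# Sample input: the tracert lines from the post, with hop 13 hard-wrapped
# inside the bracketed address the way a narrow console prints it.
TRACERT = """\
1 <10 ms 10 ms <10 ms firewall.skroo.net [10.0.0.1]
(snippage...)
13 20 ms 20 ms 30 ms p3-04-00-00.p0.sjc90.adelphiacom.net [66.109.3.1
97]
14 20 ms 30 ms 20 ms 66.170.128.150
15 20 ms 30 ms 20 ms vl28.bas1.scd.yahoo.com [216.115.101.42]
16 20 ms 30 ms 30 ms w7.scd.yahoo.com [66.218.71.86]
"""

HOP = re.compile(
    r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})"   # hop number, three RTT columns
    r"(?:(\S+)\s+\[([\d.]+)\]|([\d.]+))\s*$"      # "host [ip]" or a bare ip
)

def parse_tracert(text):
    hops, pending = [], ""
    for line in text.splitlines():
        pending += line.strip()
        if pending.count("[") > pending.count("]"):
            continue  # address wrapped onto the next line: keep accumulating
        m = HOP.match(pending)
        pending = ""
        if m:  # non-hop lines such as "(snippage...)" are skipped
            hops.append({"hop": int(m.group(1)), "host": m.group(3),
                         "ip": m.group(4) or m.group(5)})
    return hops

def operator(hop):
    # Assumption: the last two DNS labels approximate who runs the device.
    return ".".join(hop["host"].split(".")[-2:]) if hop["host"] else "unknown"

def handoffs(hops):
    """Adjacent hop pairs whose apparent operator differs."""
    return [(a["hop"], b["hop"], operator(a), operator(b))
            for a, b in zip(hops, hops[1:])
            if b["hop"] == a["hop"] + 1 and operator(a) != operator(b)]

if __name__ == "__main__":
    hops = parse_tracert(TRACERT)
    for h in hops:
        print(f'{h["hop"]:>2}  {h["ip"]:<16} {operator(h)}')
    for a, b, src, dst in handoffs(hops):
        print(f"handoff between hop {a} and hop {b}: {src} -> {dst}")
```

Hops removed by the "(snippage...)" line are not compared, so the gap between hop 1 and hop 13 is not reported as a handoff.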



  • SyntaX
    replied
    That was an example IP ;)

    And what did you try to tell me?



  • EeeekPenguins
    replied
    One: make sure you are entering your passwords on encrypted sites.

    Oh, and thanks for the IP :D.



  • SyntaX
    started a topic Question about Packet sniffing!

    Question about Packet sniffing!

    OK, hi again :)

    I read some articles and sites about packet sniffing, and now I have some questions I don't find answers to. I googled the last 2 days only for that (but I think you know that they are 80% fake hacker sites!).
    OK, I have Windows XP with Ethereal and RedHat 9.0 with Ethereal too.

    Now my questions:

    I know how to sniff my own network for incoming and outgoing packets, but I don't know how to listen on another box which isn't located in my network!
    I don't want you to tell me how I can listen on another port exactly, because that will be boring. I only want to know how that can work!

    Because when I'm in my network then it's easy to understand how it works (because the packets in your network are sent to every computer), but when I listen to another computer that's not located in my network, then I want to know how I get the packets?!?! How can that be? How can that work?

    (A little example for a better understanding of what I mean:

    My IP is 80.108.34.12, and someone's sniffing my packets (however he does that). OK, now I open my IE and call www.gmx.at, I log in with my username and password. The guy who's sniffing my IP gets that packet and knows my UN and PW.)

    So.., now I ask myself.....

    He is not in my network, so my computer should not send packets to his computer.
    How does that work, that he gets my packets????

    Maybe someone can tell me what's going on in this really hard world :D


    peace