Announcement

**xChris** · August 27, 2004, 02:05

Originally posted by aldend123

I know and briefly understand the idea of packet sniffing over a network, where each packet is "read" so that the sniffer can view it

however i was thinking, would this be possible to do on a remote computer and if so where could i get information on this?

so i sit on my network at my house, and sniff packets coming out of computer xx.xx.xx.xx?

yes! yes! i have a wonderful site that has all the answers your looking for its right here =D =D hope this helps!

-xchris.

**aldend123** · August 27, 2004, 08:42

thank you , oversight, for not giving me the generic "google it asshole" response
i tried google, but the key to google is needing the right keywords, example, middleman attack and promiscuous mode, which i did not have. i tried looking at MANY sites about "remote packet sniffing" but nearly all of them were about "remote packet sniffing on a network" or "how to protect yourself from being remote packet sniffed" [usually a program that would let you know if you were being sniffed, not a paper on how it worked, and most sites appeared to be ridden with spyware]

anyways, thanks, now that i have those keywords Oversight, i can use xChris's reponse...

ITSSSS GOOGLEEEEE TIMEEEE

**aldend123** · August 27, 2004, 09:36

please excuse me if i sound like an idiot but during googl'ing
i found this:

"Promiscuous mode, in computer related fields, is generally used to refer to the practice of putting a network card

A network card (also called network adapter, network interface [card], etc.) is a piece of computer hardware designed to provide for computer communication over a computer network."

now, can that phrase, "over a computer network" be applied to the large scale network commonly known as "the internet" or is this again, only for commonly known "home network" [or bussiness network] use?

**noid** · August 27, 2004, 10:23

I think I know what you are asking for. Let me spell it out and let me know if I'm right:

You want to sit on your network at home and sniff the traffic of say a friend on his network in another place?

If thats the case, how you want to go about it wont work. When sniffing traffic, you are sniffing traffic on the network you are on. For example, at work here I can sniff traffic going across my network segment. But, I cant sniff traffic going on at one of our European offices, without finding a way to establish myself onto their network (i.e. VPN)

You have to have some way of being on the network you want to sniff, the packets wont come to you if you just say 'I want to sniff J. Random's cable modem traffic on the other side of the country'.

**Gadsden** · August 27, 2004, 12:38

You could always convince their router to route through you.. then you could sniff what is going on.

FX has done some great talks on this.. check here.

**aldend123** · August 27, 2004, 20:22

Originally posted by noid

I think I know what you are asking for. Let me spell it out and let me know if I'm right:

You want to sit on your network at home and sniff the traffic of say a friend on his network in another place?

-sniff sniff- I smell brains

really though, thats right on the dot, sorry if i wasnt clear enough in the first post. but yes thats what i want to do.
although the "Friend" is directly connected through a cable modem [no router] and has WinXP...

does that open up any possiblitys? im gonna doubt it.

and while im at it, i once saw a FOX news thing about how people can recieve emails to view them as they pass through the interent [the example provider in this case was yahoo i believe] and as OverSight said, viewing email can be pretty handy.

anyways, what about that? how is that done? is that a refer to google for "middle man attack"? [i havent gotten aorund to finishing up my googling yet]

**toxicle** · August 27, 2004, 21:19

Man in the middle attacks will only happen within your network segment. However I've stumbled upon WiFi gateways (captive portals) which is possible to intercept traffic of all active users all over the country (in the same network segment).

If you want a feel of this, go get Ettercap and test it out on your local network and see how you can work from there.

Of course ... this is possible if you have access to your "friend's" ISP :)

Another way would be to craft a trojan with a keylogger builtin and trick him into running it. But of course you need to bypass his AV, if he's using any.

But then again .. why not compromise the box itself? Of course it's wrong to do that :)

**toxicle** · August 28, 2004, 07:20

Ops .. sorry I should add ARP Man in the middle attacks :)

Yes like what 0versight mentioned ... very possible methods.

**skroo** · August 28, 2004, 09:45

Originally posted by aldend123

does that open up any possiblitys? im gonna doubt it.

Doesn't make any difference, because the problem remains the same - how to capture his traffic as it leaves his network and enters the public Internet. One idea that hasn't been mentioned yet would be to run pcap or similar on a routing device that his traffic has to pass through, and have it set to export his data stream to a box (which conceivably could be anywhere on the Internet) acting as a collection station. This isn't a new idea, and was fairly well-described in this Phrack article.

and while im at it, i once saw a FOX news thing about how people can recieve emails to view them as they pass through the interent [the example provider in this case was yahoo i believe] and as OverSight said, viewing email can be pretty handy.

Do you mean Yahoo as an ISP (e.g., such as with their cobranding deal with SBC), or Yahoo as in the web-based email service?

anyways, what about that? how is that done? is that a refer to google for "middle man attack"? [i havent gotten aorund to finishing up my googling yet]

Depends... Hard to tell how the email-in-transit stunt was pulled off. My suspicion, though, is that it wasn't so much a MITM attack as an issue with users' email boxes being accessible by other users - pretty much, a permissions issue.

**aldend123** · August 28, 2004, 10:00

ya, um, andddd im officially over-whelmed

well the upside is at least i got tons to read up on now to kill "bored time"

thanks for all this info guys, but you've completely boggled my mind, as i still havent mastered any asspect of this stuff, but like i said, now i got plenty of stuff to read up on, so thanks.

**cjet** · September 14, 2007, 04:41

Re: Remote Packet Sniffing?

You can put all logs from sniffing to the file for example log.txt and use a script which will send it via smtp server to you on your e-mail address. This way is useful for example to send some warning logs even on mobile phone by sms.

**AlxRogan** · September 14, 2007, 04:55

Re: Remote Packet Sniffing?

If you must reply to a 3 year old thread, at least make it more meaningful, such as:

* I've found a way to remotely poison ARP tables by the power of my mind!

* All you have to do is hack every connection between Alice and Bob...and the world will beat a path to your door!

* My cat's breath smells like cat food.

KTHXBAI<closed>

Announcement

Remote Packet Sniffing?

Remote Packet Sniffing?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment