Jump to content

Lan turtle makes lan tap obsolete?


jaime_lion

Recommended Posts

4 hours ago, anode said:

Lan tap will sniff traffic to a third machine live. (and only sniff)

The turtle is more like a MitM computer under your control (if done right)

But if you are a mitm doesn't that meen you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?

Edited by jaime_lion
Link to comment
Share on other sites

1 hour ago, jaime_lion said:

But if you are a mitm doesn't that meen you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?

Correct but in the case of the lan turtle it is actually taking the traffic from one interface and sending it out the other which also requires it to have two ip addresses (one for the network and one for the attached system), you can see and manipulate the traffic as MITM.  The lan tap is a fully passive monitoring capabilities, you don't interact with the traffic at all and also makes it harder to be detected as listening (if I understand it all correctly myself even)

Link to comment
Share on other sites

Other aspect is that a turtle will have to send sniffed traffic over the same port used for real traffic.  So filtering to avoid bandwidth issues would be needed.

With the tap, you need two adapters on the sniffing machine if you want to capture traffic in both directions.

Link to comment
Share on other sites

4 hours ago, anode said:

With the tap, you need two adapters on the sniffing machine if you want to capture traffic in both directions.

Actually, no.  The tap in the shop has two sniffing ports so that you can feed out to two different devices.  For example, an IDS and a NetFlow Collector.  The sniffing machine would put its interface into promiscuous mode, which would see all traffic in both directions on the hot wires.

Link to comment
Share on other sites

  • 9 months later...
On 9/4/2016 at 0:44 PM, UnixSecLab said:

Actually, no.  The tap in the shop has two sniffing ports so that you can feed out to two different devices.  For example, an IDS and a NetFlow Collector.  The sniffing machine would put its interface into promiscuous mode, which would see all traffic in both directions on the hot wires.

I realize this is an old post, but this should be corrected. unixSecLab is, unfortunately, mistaken. I have one of these and can confirm that one may only obtain a single direction of network traffic with an individual output port. In the Hak 5 description of the device, this fact is actually mentioned:

"2. Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only."

URL of Hak5 Throwing Star Lan Tap: https://hakshop.com/products/throwing-star-lan-tap

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...