Jump to content

Packet Sniffing

Eviltechie

By Eviltechie
in Security

 Share

Recommended Posts

SmoothCriminal Newbie

SmoothCriminal

Posted
Posted

If it is truly a hub then yes you will see all the packets, but I am assuming that you are not using a hub, but rather a switch. If it is a hub, then yes technically you will only get broadcast packets since everything the hub sees it broadcasts, hence broadcast packets.

Oh and let your brother watch porn in peace.

Link to comment
Share on other sites
gcninja Newbie

gcninja

Posted
Posted

but sharing is caring! and i KNOW the difference between hubs and switches, but w/o it actually saying it, is there a physical diff?

also, in lay mans terms, hubs send data to all ports when sending and recievign thats why theres a collisions LED while switches find the actual people it belongs to

Link to comment
Share on other sites
vector Newbie

vector

Posted
Posted

what tool(s)/apps apps are you using for sniffing your lan? and what os are you running? i may have some suggestions for apps that might help you in windows. When you plug a sniffer in to a port on a switch, you can only see broadcast traffic and the traffic transmitted and received by your machine. because of that theres a few things you can do, 1) port mirroring (if youre on a switch which it sounds like you are), 2) hubbing out, and 3) arp poison/spoofing.

Link to comment
Share on other sites
sqall Newbie

sqall

Posted
Posted

Like everyone said, it will work if it is really a hub.

Because it's your brother and you have physical access to his pc, you can set up his computer to use your computer as router. Than you have a man in the middle attack as well and you can sniff his packets.

Link to comment
Share on other sites
staulkor Newbie

staulkor

Posted
Posted

Hubs take in frames from one port and broadcast it out all other ports other than the one it received the frame from. Hubs suffer from collisions and can be thought of as splitting bandwidth, ie. a 10 port 100mbps hub with all ports being used, each computer would essentially have 10mbps. Hubs are "dumb" and do not use logic. Switches do use logic! When a new client first sends one frame over the wire, the switch reads the header and then forwards it to its destination if known, otherwise it drops the frame. The client must retransmit, but this only happens once for a new client. The switch notes the MAC and the physical port it came in from on that first frame. It stores this information in its CAM table. It now knows where that computer is located, so if the switch gets a frame from another port and it is addressed to said computer, it will only forward the data through that port.

Switches are amazingly simple and rely on basic logic to work...but work they do :D

Now as for packet sniffing, you will need to use some form of software to perform a MITM (man in the middle) attack. Cain&Abel is what I use for simplicity sake. I prefer Ettercap, but its finicky on windows. This will essentially make your brother think you are the gateway, and the gateway think you are your brother. You are now virtually in the middle of his cable reading all of the data that goes between. Once you have that set up, you can use Wireshark to read the raw data.

Link to comment
Share on other sites
SmoothCriminal Newbie

SmoothCriminal

Posted
Posted
Well I'm not using a "true" hub. It is actually a wireless router that has DHCP off and is connected to a router through a lan port. We are both plugged in through lan ports also.

And I'm using Ubuntu and Wireshark.

Most likely then the router has a switch in it, and that is essentially what you are plugged into. As was said before, you can use software such as Cain to perform the MITM attack.

Link to comment
Share on other sites
vector Newbie

vector

Posted
Posted
Well I'm not using a "true" hub. It is actually a wireless router that has DHCP off and is connected to a router through a lan port. We are both plugged in through lan ports also.

And I'm using Ubuntu and Wireshark.

ok so let me get this straight. you and your brother are both plugged into a wireless router that has DHCP disabled, and then that router is connected to another router? how about clarifying your exact configuration and type of routers youre using.

Link to comment
Share on other sites
vector Newbie

vector

Posted
Posted
Most likely then the router has a switch in it, and that is essentially what you are plugged into. As was said before, you can use software such as Cain to perform the MITM attack.

based on the OP hes only trying to sniff/capture traffic from another computer on the same LAN, MITM is not quite the same thing.

Link to comment
Share on other sites
taiyed14 Newbie

taiyed14

Posted
Posted

I believe your problem still is that the wireless router is not actually a hub, it's a switch, so only traffic/packets labeled for your MAC address will be sent to you. Packets labeled with your brothers MAC will be sent out the port he is connected to.

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted
I believe your problem still is that the wireless router is not actually a hub, it's a switch, so only traffic/packets labeled for your MAC address will be sent to you. Packets labeled with your brothers MAC will be sent out the port he is connected to.

Actually the wireless bit is a hub, it's the switch bit that is a switch.

Link to comment
Share on other sites
vector Newbie

vector

Posted
Posted
So if that doesn't work, what can I do? Spoof his mac?

well you wont be spoofing his mac. if you cant use port mirroring to sniff his traffic then you should be able to arp poision just your segment and and sniff all the traffic going from your brother mac to the routers mac.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...