Eviltechie Posted December 14, 2008 Share Posted December 14, 2008 I'm trying to sniff packets from my brothers computer. If we are both plugged into the same hub, it should work, right? But I'm only getting broadcast packets. Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted December 14, 2008 Share Posted December 14, 2008 I'm trying to sniff packets from my brothers computer. If we are both plugged into the same hub, it should work, right? But I'm only getting broadcast packets. no because you must be "in between" the internet and his computer Quote Link to comment Share on other sites More sharing options...
SmoothCriminal Posted December 14, 2008 Share Posted December 14, 2008 If it is truly a hub then yes you will see all the packets, but I am assuming that you are not using a hub, but rather a switch. If it is a hub, then yes technically you will only get broadcast packets since everything the hub sees it broadcasts, hence broadcast packets. Oh and let your brother watch porn in peace. Quote Link to comment Share on other sites More sharing options...
gcninja Posted December 14, 2008 Share Posted December 14, 2008 but sharing is caring! and i KNOW the difference between hubs and switches, but w/o it actually saying it, is there a physical diff? also, in lay mans terms, hubs send data to all ports when sending and recievign thats why theres a collisions LED while switches find the actual people it belongs to Quote Link to comment Share on other sites More sharing options...
vector Posted December 14, 2008 Share Posted December 14, 2008 what tool(s)/apps apps are you using for sniffing your lan? and what os are you running? i may have some suggestions for apps that might help you in windows. When you plug a sniffer in to a port on a switch, you can only see broadcast traffic and the traffic transmitted and received by your machine. because of that theres a few things you can do, 1) port mirroring (if youre on a switch which it sounds like you are), 2) hubbing out, and 3) arp poison/spoofing. Quote Link to comment Share on other sites More sharing options...
Sparda Posted December 14, 2008 Share Posted December 14, 2008 also, in lay mans terms, hubs send data to all ports when sending and recievign thats why theres a collisions LED while switches find the actual people it belongs to Switches suffer from collisions as well. Quote Link to comment Share on other sites More sharing options...
sqall Posted December 14, 2008 Share Posted December 14, 2008 Like everyone said, it will work if it is really a hub. Because it's your brother and you have physical access to his pc, you can set up his computer to use your computer as router. Than you have a man in the middle attack as well and you can sniff his packets. Quote Link to comment Share on other sites More sharing options...
staulkor Posted December 14, 2008 Share Posted December 14, 2008 Hubs take in frames from one port and broadcast it out all other ports other than the one it received the frame from. Hubs suffer from collisions and can be thought of as splitting bandwidth, ie. a 10 port 100mbps hub with all ports being used, each computer would essentially have 10mbps. Hubs are "dumb" and do not use logic. Switches do use logic! When a new client first sends one frame over the wire, the switch reads the header and then forwards it to its destination if known, otherwise it drops the frame. The client must retransmit, but this only happens once for a new client. The switch notes the MAC and the physical port it came in from on that first frame. It stores this information in its CAM table. It now knows where that computer is located, so if the switch gets a frame from another port and it is addressed to said computer, it will only forward the data through that port. Switches are amazingly simple and rely on basic logic to work...but work they do :D Now as for packet sniffing, you will need to use some form of software to perform a MITM (man in the middle) attack. Cain&Abel is what I use for simplicity sake. I prefer Ettercap, but its finicky on windows. This will essentially make your brother think you are the gateway, and the gateway think you are your brother. You are now virtually in the middle of his cable reading all of the data that goes between. Once you have that set up, you can use Wireshark to read the raw data. Quote Link to comment Share on other sites More sharing options...
Sparda Posted December 14, 2008 Share Posted December 14, 2008 Hubs are "dumb" and do not use logic. I wonder what all their components are for if not logic. Quote Link to comment Share on other sites More sharing options...
Eviltechie Posted December 14, 2008 Author Share Posted December 14, 2008 Well I'm not using a "true" hub. It is actually a wireless router that has DHCP off and is connected to a router through a lan port. We are both plugged in through lan ports also. And I'm using Ubuntu and Wireshark. Quote Link to comment Share on other sites More sharing options...
SmoothCriminal Posted December 14, 2008 Share Posted December 14, 2008 Well I'm not using a "true" hub. It is actually a wireless router that has DHCP off and is connected to a router through a lan port. We are both plugged in through lan ports also. And I'm using Ubuntu and Wireshark. Most likely then the router has a switch in it, and that is essentially what you are plugged into. As was said before, you can use software such as Cain to perform the MITM attack. Quote Link to comment Share on other sites More sharing options...
vector Posted December 14, 2008 Share Posted December 14, 2008 Well I'm not using a "true" hub. It is actually a wireless router that has DHCP off and is connected to a router through a lan port. We are both plugged in through lan ports also. And I'm using Ubuntu and Wireshark. ok so let me get this straight. you and your brother are both plugged into a wireless router that has DHCP disabled, and then that router is connected to another router? how about clarifying your exact configuration and type of routers youre using. Quote Link to comment Share on other sites More sharing options...
vector Posted December 14, 2008 Share Posted December 14, 2008 Most likely then the router has a switch in it, and that is essentially what you are plugged into. As was said before, you can use software such as Cain to perform the MITM attack. based on the OP hes only trying to sniff/capture traffic from another computer on the same LAN, MITM is not quite the same thing. Quote Link to comment Share on other sites More sharing options...
Eviltechie Posted December 14, 2008 Author Share Posted December 14, 2008 Here is a (badly drawn) network map. Quote Link to comment Share on other sites More sharing options...
vector Posted December 14, 2008 Share Posted December 14, 2008 Here is a (badly drawn) network map. why are you segmenting your network like that? Quote Link to comment Share on other sites More sharing options...
Eviltechie Posted December 14, 2008 Author Share Posted December 14, 2008 There are actually a total of 11 devices on the network, including another hub, but I didn't show them. Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted December 14, 2008 Share Posted December 14, 2008 I believe your problem still is that the wireless router is not actually a hub, it's a switch, so only traffic/packets labeled for your MAC address will be sent to you. Packets labeled with your brothers MAC will be sent out the port he is connected to. Quote Link to comment Share on other sites More sharing options...
Eviltechie Posted December 14, 2008 Author Share Posted December 14, 2008 So if that doesn't work, what can I do? Spoof his mac? Quote Link to comment Share on other sites More sharing options...
Sparda Posted December 14, 2008 Share Posted December 14, 2008 I believe your problem still is that the wireless router is not actually a hub, it's a switch, so only traffic/packets labeled for your MAC address will be sent to you. Packets labeled with your brothers MAC will be sent out the port he is connected to. Actually the wireless bit is a hub, it's the switch bit that is a switch. Quote Link to comment Share on other sites More sharing options...
vector Posted December 14, 2008 Share Posted December 14, 2008 So if that doesn't work, what can I do? Spoof his mac? well you wont be spoofing his mac. if you cant use port mirroring to sniff his traffic then you should be able to arp poision just your segment and and sniff all the traffic going from your brother mac to the routers mac. Quote Link to comment Share on other sites More sharing options...
Eviltechie Posted December 14, 2008 Author Share Posted December 14, 2008 WHAT? Quote Link to comment Share on other sites More sharing options...
vector Posted December 14, 2008 Share Posted December 14, 2008 WHAT? im not sure what you mean. Quote Link to comment Share on other sites More sharing options...
Eviltechie Posted December 14, 2008 Author Share Posted December 14, 2008 well you wont be spoofing his mac. if you cant use port mirroring to sniff his traffic then you should be able to arp poision just your segment and and sniff all the traffic going from your brother mac to the routers mac. Neither do I. Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted December 15, 2008 Share Posted December 15, 2008 Actually the wireless bit is a hub, it's the switch bit that is a switch. Is he connecting to the wireless? His diagram made it seem like he was connected with an Ethernet cable. Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted December 15, 2008 Share Posted December 15, 2008 What Vector is saying, if you are going to preform a MitM attack (Man in the middle) then you would want to spoof the routers MAC. This way, all traffic is sent to through your computer. ps sorry for the double post. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.