questions i have about it


italiano40
Yeah Darren, I see your point. I'm just asking because the Fon does not have a lot of space (barely enough for a minute of Wireshark), but you could dump it to the FTP and then have a cracker run, or have a script that stops Wireshark after a certain number of captures or amount of time passes, then have it sleep for a long time so it looks like it is just the network slowing down.

It depends on the IDS setup but just spotting a rogue MAC address or a MAC address coming from an odd port is enough to trigger some IDS signatures.

Not sure what you mean about the network slowing down and sleeping the capture. If you sleep then you don't capture anything so you may miss the juicy stuff. You could time it to come on at certain times such as between 8.30 and 9.15 when most people would be logging in but you'd still have to store the capture somewhere and the Fon probably doesn't have enough space.

BTW, you mean either tshark or tcpdump; Wireshark is a GUI app.

Yeah, I meant tshark. That is why you should make it a sniffer on the Fon and then have it dump to an FTP.

Also, I get what you are saying about the IDS setup and the MAC address, but if you put it into a small company or a small business you should have no problem with that, since the IT department is small or non-existent. And I know that if you sleep you won't capture stuff, but if you keep it there for a long time it will get the juicy stuff.

Could you not run an external hard drive connected to another Fon which logs all of the packets that the interceptor sends to it? We know it's possible for a Fon to mount and write to an external device (people have used SD cards), so why not a NAS (or, when the new Fon comes out, a USB)? This idea is the usual setup that a normal tapping device has: the bug sends the transmission over to the receiver a wee bit away and voila, you have a tap. Why not apply this line of thought with the interceptor, because in all reality it is a network tap.

Do you mean have the other fon hidden somewhere else in the building and have that run the client side? If so then all you'd need to do is to have tcpdump dump out all the traffic as a pcap to the drive.

That would work.

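The IDS point made earlier in the thread (an unknown MAC address, or a known MAC address showing up on an odd port), as an added defensive example that is not part of the original posts: it checks a switch MAC-table snapshot against an assumed inventory, and goes one step beyond the thread by also flagging an access port that carries more than one MAC address. The line layout, inventory, port names and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed inventory: MAC address -> switch port it is expected on (constructed).
INVENTORY = {
    "00:11:22:33:44:01": "Gi0/1",
    "00:11:22:33:44:02": "Gi0/2",
    "00:11:22:33:44:03": "Gi0/3",
}
TRUNK_PORTS = {"Gi0/24"}  # assumed uplink ports, where many MACs are normal

# Constructed sample in a simplified "vlan mac type port" layout.
SAMPLE_TABLE = """\
10 0011.2233.4401 DYNAMIC Gi0/1
10 0011.2233.4402 DYNAMIC Gi0/5
10 0011.2233.4403 DYNAMIC Gi0/3
10 02aa.bbcc.dd01 DYNAMIC Gi0/3
10 0011.2233.44ff DYNAMIC Gi0/24
"""

def normalize_mac(raw):
    """Accept dotted, dashed or colon notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_alerts(table_text, inventory=INVENTORY, trunks=TRUNK_PORTS):
    """Return sorted (kind, mac_or_port, detail) tuples for one snapshot."""
    alerts, macs_on_port = set(), defaultdict(set)
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip headers and blank lines
        mac, port = normalize_mac(fields[1]), fields[3]
        if port in trunks:
            continue  # learned via the uplink, not a local access port
        macs_on_port[port].add(mac)
        expected = inventory.get(mac)
        if expected is None:
            alerts.add(("unknown_mac", mac, port))
        elif expected != port:
            alerts.add(("unexpected_port", mac, f"{expected}->{port}"))
    for port, macs in macs_on_port.items():
        if len(macs) > 1:  # more than one device behind a single access port
            alerts.add(("multiple_macs", port, str(len(macs))))
    return sorted(alerts)
```

Calling `find_alerts(SAMPLE_TABLE)` returns one alert of each kind for the constructed snapshot.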
