Jump to content

Sniffer Problem


TheKingUnderTheHill
 Share

Recommended Posts

I'm currently studying a computer security course at university, we basically have to write a report on a subject we choose, I've chosen Packet Sniffing, the issue is that we get to use the Admin Computer Lab for about an hour a week, no way near enough time to get anything productive done.

So I tried gathering some information using Wireshark and I only seem to get my own traffic, which isnt very useful, I've tried other tools and they all have the same problem, does anyone have a fix? Cheers.

Link to comment
Share on other sites

Do some reading up on switched networks, that will explain why you only see your own and broadcast traffic. You need to either use a hub or get in the middle of the traffic somehow. The easiest way to learn is to put a few VMs on a machine then you see all the traffic so you can have a sniffing machine to play with and a couple of victims.

Link to comment
Share on other sites

The usual way is to use arp cache poisoning between the devices you want to listen in on. Basically you tell each of them that you are the other so they send you their traffic and you sniff it and pass it on. Or you get access to a switch and change your port to a span port then listen to everything.

Link to comment
Share on other sites

  • 1 month later...

The usual way is to use arp cache poisoning between the devices you want to listen in on. Basically you tell each of them that you are the other so they send you their traffic and you sniff it and pass it on. Or you get access to a switch and change your port to a span port then listen to everything.

Could you please tell how this is done? Or is this only possible on professional grade Cisco switches, and can't be used if connected to the hub part of a wifi router?

Link to comment
Share on other sites

Parity: I recently learned about this by way of Security Onion. I needed a way to sniff all my traffic in order to run snort and snorby and all these awesome intrusion detection tools (which work best by sniffing the entire networks traffic). For the most part, yes, you'll find these "span" ports on commercial, industry grade switches (mega $$$) but there is a cheap alternative. The company is kind of no-name (Mikrotik), but the product is totally sound. I've been using it for months and it works as advertised without fail.

http://www.roc-noc.c...rd/rb250gs.html

TheKingUnderTheHill: Another option is to sneak a passive lan tap in there. You can buy one of the two available on the hakshop, or you can build your own quite easily with some spare cat5 cable and some female ends, which you can pick up at home depot...hehe pick up some females at home depot...

telot

Edited by telot
Link to comment
Share on other sites

Could you please tell how this is done? Or is this only possible on professional grade Cisco switches, and can't be used if connected to the hub part of a wifi router?

Using a network hub, or the man in the middle suite will get what you want.

As Digininja stated earlier ARP poisoning will usually overcome the hurdles that a switch puts in place.

So I'd suggest you to look into either Cain and Able or the Ethercap.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...