jaime_lion, Posted September 2, 2016

So I am wondering if the lan turtle does the same things as the lan tap? Like from my noobish eyes they seem to do the same type of stuff? Can someone explain the differences and where one would be better than the other one or are they the same? Thanks

anode, Posted September 4, 2016

Lan tap will sniff traffic to a third machine live. (and only sniff) The turtle is more like a MitM computer under your control (if done right)

jaime_lion (Author), Posted September 4, 2016 (Edited September 4, 2016 by jaime_lion)

4 hours ago, anode said:
> Lan tap will sniff traffic to a third machine live. (and only sniff) The turtle is more like a MitM computer under your control (if done right)

But if you are a mitm doesn't that mean you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?

bored369, Posted September 4, 2016

1 hour ago, jaime_lion said:
> But if you are a mitm doesn't that mean you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?

Correct, but in the case of the lan turtle it is actually taking the traffic from one interface and sending it out the other, which also requires it to have two IP addresses (one for the network and one for the attached system); you can see and manipulate the traffic as MITM. The lan tap is a fully passive monitoring capability; you don't interact with the traffic at all, and it also makes it harder to be detected as listening (if I understand it all correctly myself even)

anode, Posted September 4, 2016

Other aspect is that a turtle will have to send sniffed traffic over the same port used for real traffic. So filtering to avoid bandwidth issues would be needed. With the tap, you need two adapters on the sniffing machine if you want to capture traffic in both directions.

UnixSecLab, Posted September 4, 2016

4 hours ago, anode said:
> With the tap, you need two adapters on the sniffing machine if you want to capture traffic in both directions.

Actually, no. The tap in the shop has two sniffing ports so that you can feed out to two different devices. For example, an IDS and a NetFlow Collector. The sniffing machine would put its interface into promiscuous mode, which would see all traffic in both directions on the hot wires.

Tahamah, Posted July 4, 2017

On 9/4/2016 at 0:44 PM, UnixSecLab said:
> Actually, no. The tap in the shop has two sniffing ports so that you can feed out to two different devices. For example, an IDS and a NetFlow Collector. The sniffing machine would put its interface into promiscuous mode, which would see all traffic in both directions on the hot wires.

I realize this is an old post, but this should be corrected. UnixSecLab is, unfortunately, mistaken. I have one of these and can confirm that one may only obtain a single direction of network traffic with an individual output port. In the Hak 5 description of the device, this fact is actually mentioned:

"2. Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only."

URL of Hak5 Throwing Star Lan Tap: https://hakshop.com/products/throwing-star-lan-tap
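
Added example, not part of any post in this thread and not Hak5's code: because each monitoring port (J3, J4) carries one direction only, a monitoring station that wants the whole conversation captures on two interfaces and merges the two files by timestamp, shown here in Python for classic pcap files. Which direction each port carries, the placeholder frames and all function names are assumptions constructed for the example.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def read_pcap(data):
    """Return (linktype, [(sec, usec, orig_len, frame), ...]) from pcap bytes."""
    if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack_from(">I", data, 0)[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    records, off = [], 24  # the global header is 24 bytes
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        if off + caplen > len(data):
            break  # truncated final record, e.g. capture stopped mid-write
        records.append((sec, usec, origlen, data[off:off + caplen]))
        off += caplen
    return linktype, records

def build_pcap(linktype, records):
    """Serialize records as a little-endian classic pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, origlen, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), origlen) + frame
    return out

def merge_directions(pcap_a, pcap_b):
    """Merge two one-way captures into one time-ordered pcap."""
    link_a, recs_a = read_pcap(pcap_a)
    link_b, recs_b = read_pcap(pcap_b)
    if link_a != link_b:
        raise ValueError("captures use different link types")
    merged = sorted(recs_a + recs_b, key=lambda r: (r[0], r[1]))
    return build_pcap(link_a, merged)

# Constructed sample data: placeholder payloads, not real Ethernet frames.
# Assumption: J3 carries host->network and J4 network->host.
J3 = build_pcap(1, [(100, 10, 5, b"REQ-1"), (100, 500, 5, b"REQ-2")])
J4 = build_pcap(1, [(100, 200, 5, b"RSP-1"), (100, 900, 5, b"RSP-2")])

if __name__ == "__main__":
    for sec, usec, _, frame in read_pcap(merge_directions(J3, J4))[1]:
        print(f"{sec}.{usec:06d} {frame!r}")
```

The interleaving is only meaningful when both capture interfaces are timestamped by the same host clock; files taken on two separate monitoring stations need their clocks synchronized first.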