Jump to content
Hak5 Forums
Sign in to follow this  
jaime_lion

Lan turtle makes lan tap obsolete?

Recommended Posts

So I am wondering if the lan turtle does the same things as the lan tap? like from my noobish eyes they seem to do the same type of stuff? can someone explain the differences and where one would be better than the other one or are they the same?

 

Thanks

Share this post


Link to post
Share on other sites
anode   

Lan tap will sniff traffic to a third machine live. (and only sniff)

The turtle is more like a MitM computer under your control (if done right)

Share this post


Link to post
Share on other sites
4 hours ago, anode said:

Lan tap will sniff traffic to a third machine live. (and only sniff)

The turtle is more like a MitM computer under your control (if done right)

But if you are a mitm doesn't that meen you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?

Edited by jaime_lion

Share this post


Link to post
Share on other sites
bored369   
1 hour ago, jaime_lion said:

But if you are a mitm doesn't that meen you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?

Correct but in the case of the lan turtle it is actually taking the traffic from one interface and sending it out the other which also requires it to have two ip addresses (one for the network and one for the attached system), you can see and manipulate the traffic as MITM.  The lan tap is a fully passive monitoring capabilities, you don't interact with the traffic at all and also makes it harder to be detected as listening (if I understand it all correctly myself even)

Share this post


Link to post
Share on other sites
anode   

Other aspect is that a turtle will have to send sniffed traffic over the same port used for real traffic.  So filtering to avoid bandwidth issues would be needed.

With the tap, you need two adapters on the sniffing machine if you want to capture traffic in both directions.

Share this post


Link to post
Share on other sites
4 hours ago, anode said:

With the tap, you need two adapters on the sniffing machine if you want to capture traffic in both directions.

Actually, no.  The tap in the shop has two sniffing ports so that you can feed out to two different devices.  For example, an IDS and a NetFlow Collector.  The sniffing machine would put its interface into promiscuous mode, which would see all traffic in both directions on the hot wires.

Share this post


Link to post
Share on other sites
Tahamah   
On 9/4/2016 at 0:44 PM, UnixSecLab said:

Actually, no.  The tap in the shop has two sniffing ports so that you can feed out to two different devices.  For example, an IDS and a NetFlow Collector.  The sniffing machine would put its interface into promiscuous mode, which would see all traffic in both directions on the hot wires.

I realize this is an old post, but this should be corrected. unixSecLab is, unfortunately, mistaken. I have one of these and can confirm that one may only obtain a single direction of network traffic with an individual output port. In the Hak 5 description of the device, this fact is actually mentioned:

"2. Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only."

URL of Hak5 Throwing Star Lan Tap: https://hakshop.com/products/throwing-star-lan-tap

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×