Monday, January 17, 2005

Snooping on other computers

I just found out how packet sniffing is done and found some really good packet sniffing software. First of all, what it is:

In a shared Ethernet environment, all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. Thus when a machine Venus wants to talk to Cupid in such an environment, it sends a packet on the network with the destination MAC address of Cupid along with its own source MAC address. All the computers on the shared Ethernet compare the frame's destination MAC address with their own. If the two don't match, the frame is quietly discarded. A machine running a sniffer breaks this rule and accepts all frames. Such a machine is said to have been put into promiscuous mode and can effectively listen to all the traffic on the network. Sniffing in a Shared Ethernet environment is totally passive and hence extremely difficult to detect.

Taken from Sumit Dhar's Page.

What this means is that anyone on your network has the power to see what you are watching. I wanted to test this so I looked around for programs for Windows and found a good list on Tech FAQ here.

I then downloaded Ethereal and found out that I could read complete images and HTML files being sent by other users on our network by scanning our Proxy server and our router and even by targeting individual computers. I could see whole HTML docs. Ethereal also allowed me to save files being downloaded. I tried saving a JPG file and I was able to save it to my desktop and open it.

I always used to think that snooping on other PCs was an art for only very experienced hackers, but now looking at this program it seems like any Tom, Dick and Harry can virtually steal any of my passwords being sent in plain text over the network. This can happen when you are sending login info on a webpage not using SSL, or when starting ftp/telnet sessions etc. I did a test run when logging into this blog and Ethereal was able to show me the login and password my browser sent to the Blogsome server as an HTML POST request.

I did notice though that since we are using Smart Switches on our network, and my PC is connected to one of the smaller slave switches on the network, I am not able to receive all network traffic. But if my PC was connected on one of our Master switches or even better the switch where the ADSL router and proxy server are connected, I could really mess around with other people's data. hmmmm.......
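The MAC filtering rule quoted above and the effect of a switch on what a promiscuous host sees can be modelled in a few lines. This is an added example, not part of the original post; the MAC addresses, payloads and class names are constructed for illustration.

```python
# Added example: a toy model of frame delivery, with constructed addresses and payloads.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Nic:
    def __init__(self, mac, promiscuous=False):
        self.mac, self.promiscuous, self.accepted = mac, promiscuous, []

    def receive(self, frame):
        # Normal filter: keep only frames addressed to us or to broadcast.
        # A promiscuous NIC skips the comparison and keeps everything.
        _, dst, _ = frame
        if self.promiscuous or dst in (self.mac, BROADCAST):
            self.accepted.append(frame)

class Hub:
    """Shared Ethernet: every frame is repeated to every other port."""
    def __init__(self, nics):
        self.ports = list(nics)

    def send(self, sender, dst, payload):
        for nic in self.ports:
            if nic is not sender:
                nic.receive((sender.mac, dst, payload))

class Switch(Hub):
    """Learning switch: floods only while the destination port is unknown."""
    def __init__(self, nics):
        super().__init__(nics)
        self.mac_table = {}

    def send(self, sender, dst, payload):
        self.mac_table[sender.mac] = sender          # learn the source port
        known = self.mac_table.get(dst)
        targets = [known] if known else [n for n in self.ports if n is not sender]
        for nic in targets:
            nic.receive((sender.mac, dst, payload))

def observed_by_sniffer(device_cls):
    """Run the same conversation and return what the promiscuous host captured."""
    venus, cupid = Nic("02:00:00:00:00:01"), Nic("02:00:00:00:00:02")
    sniffer = Nic("02:00:00:00:00:03", promiscuous=True)
    net = device_cls([venus, cupid, sniffer])
    net.send(cupid, BROADCAST, "arp who-has venus")   # broadcast reaches everyone
    net.send(venus, cupid.mac, "login=alice")         # unicast, cleartext
    net.send(cupid, venus.mac, "ok")
    net.send(venus, cupid.mac, "GET /page")
    return [payload for (_, _, payload) in sniffer.accepted]
```

On the hub the promiscuous host captures all four frames; on the switch it captures only the broadcast, which matches the partial view described for a host on a small downstream switch.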
