12.04.06 The Evil Packet Sniffer
By Eran Aharonovich
A "packet sniffer" is a utility that captures and observes a network's packets without modifying them in any way.
By comparison, a firewall sees all of a computer's packet traffic as well, but it has the ability to block and drop any packets that its programming dictates. Packet sniffers merely watch, display, and log this traffic.
One disturbingly powerful aspect of packet sniffers is their ability to place the hosting machine's network adapter into "promiscuous mode."
Network adapters running in promiscuous mode receive not only the data directed to the machine hosting the sniffing software, but also ALL of the traffic on the physically connected local network.
In order to view an entire network session, you will have to reassemble the packets back into sessions.
To do so, you will need a deep understanding of the IP and TCP protocols.
Reassembling the packets is not an easy task, because some packets are lost on the way and others do not arrive in the right order, but once you can do that you are able to "read" the entire network.
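The reassembly step described above, as an added example (not the author's sniffer code): it rebuilds one direction of a TCP byte stream from constructed in-memory segments, ordering them by sequence number, skipping retransmitted bytes, and reporting gaps where packets were lost. The names `Segment`, `reassemble` and `make_segments` and the sample request are made up for illustration, and the handling of 32-bit sequence wraparound goes beyond what the article mentions.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes

def reassemble(isn, segments):
    """Rebuild one direction of a TCP stream; data starts at isn + 1.

    Returns (stream, gaps). gaps lists (offset, length) ranges that were
    never captured; those ranges are zero-filled in stream.
    """
    base = (isn + 1) % MOD
    # Offsets relative to the first data byte survive sequence wraparound.
    items = [((s.seq - base) % MOD, s.payload) for s in segments if s.payload]
    # Offsets in the upper half of the space precede the stream start: drop.
    items = [it for it in items if it[0] < MOD // 2]
    items.sort(key=lambda it: it[0])       # stable: arrival order kept on ties
    stream, gaps = bytearray(), []
    for off, data in items:
        have = len(stream)
        if off > have:                     # hole: bytes lost from the capture
            gaps.append((have, off - have))
            stream.extend(bytes(off - have))
            have = off
        if off + len(data) > have:         # skip bytes already held (retransmits)
            stream.extend(data[have - off:])
    return bytes(stream), gaps

# Constructed sample: one request split into four segments, with an ISN
# chosen so the sequence numbers wrap past 2**32 mid-stream.
ISN = 0xFFFFFFF0
REQUEST = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"

def make_segments(data, sizes, isn=ISN):
    """Cut data into segments of the given sizes with real sequence numbers."""
    segs, pos = [], 0
    for n in sizes:
        segs.append(Segment((isn + 1 + pos) % MOD, data[pos:pos + n]))
        pos += n
    return segs

if __name__ == "__main__":
    s = make_segments(REQUEST, [10, 14, 16, 8])
    print(reassemble(ISN, [s[2], s[0], s[3], s[0], s[1]]))  # reordered + retransmit
    print(reassemble(ISN, [s[3], s[0], s[1]]))              # third segment lost
```

A reported gap means the rebuilt stream is incomplete, so anything parsed from it (a logged URL, a file carved from the session) should be treated as partial.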
After you have learned to reassemble packets you will have the ability to develop several "evil" components:
1. One thing you can do is read the outgoing and/or incoming emails. The email protocol is called SMTP and is sent via port 25.
2. Do not forget the FTP protocol (port 21); it might come in handy.
3. Monitor the HTTP protocol (port 80), which is the World Wide Web. By doing so you will know which websites have been visited, which files have been uploaded to or downloaded from the web, what text was sent, and so on.
While these things are considered inappropriate and your colleagues will probably not like them, sometimes they are needed for security reasons.
About the Author:
If you are a programmer and you want to start exploring the subject then I suggest you start with my free basic TCP sniffer which is available for download here. Good luck and happy sniffing!
Eran Aharonovich www.Noviway.com www.RTGate.com