Fwd: Netmeeting sniffing

[Thomas Kane <takane2 () gmail com>]

---------- Forwarded message ----------
From: Thomas Kane <takane2 () gmail com>
Date: Wed, Mar 25, 2009 at 11:00 AM
Subject: Re: Netmeeting sniffing
To: Chip Panarchy <forumanarchy () gmail com>


I said physical layer because I'm using a hub to get the packers not
ARP poisoning
 or something like that. The netmeeting certificates have a public and
private key which I can extract with openSSL but it dons't seem to be
SSL when I look at it via wireshark. When I set wireshark to decode
said packets as SSL, there is no 'Hello' packet. I'm going to see if
any of the netmeeting connection packets have the key exchange in
them.
On Wed, Mar 25, 2009 at 4:11 AM, Chip Panarchy <forumanarchy () gmail com> wrote:
> To a Physical Layer attack?
>
> Well the same as anything else I suppose... for Ethernet.
>
> Are you sure you meant Physical?
>
> What level of encryption, 256-bit? AES or Camellia?
>
> On Sun, Mar 22, 2009 at 12:14 PM, Thomas Kane <takane2 () gmail com> wrote:
> > So I'm wondering about the vulnerabilities of netmeeting remote
> > desktop to a physical layer attack. I have a test set up at my home, I
> > have one laptop connected to my westell dsl modem/router/switch via
> > wifi. then I connected my desktop via ethernet. My idea for the attack
> > was inserting a hub in there and grabbing the packets with another
> > laptop in promiscuous mode. In addition I have grabbed the netmeeting
> > certificates from the two computers involved. So I have the certs(one
> > of which had a private key, the other claimed it didn't have one). I
> > got the packets. I typed somethings because my main focus is
> > retrieving typed passwords from the wire. So now how would I go about
> > decrpyting the packets and what format are keystrokes in? I'd
> > appreciate any help I could get!
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: InfoSec Institute
> >
> > Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
> > Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
> > Penetration Tester exams, taught by an expert with years of real pen testing experience.
> >
> > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> > ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------