Penetration Testing mailing list archives

Re: How to sniff packets from afar?

From: Dug Song <dugsong () monkey org>
Date: Thu, 8 Nov 2001 18:25:23 -0500

On Thu, Nov 08, 2001 at 03:40:00PM -0500, ET LoWNOISE wrote:

You dont need to own the router, you can use your pc to become a
routerthen spoof the routing protocols used to reroute the traffic
to you and then sniffit.


besides route hijacking (oy), there's also RMON, which was designed
ages ago for exactly this purpose. that is, if you're lucky enough to
find an open device that supports the filter and capture groups, and
can tolerate potentially lossy sniffing:

        http://www.csu.edu.au/special/auugwww96/proceedings/wang/wang.html

perhaps Robert Graham would like to chime in here? :-)

-d.

---
http://www.monkey.org/~dugsong/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re: Using Null Session information from NAT.EXE bs (Nov 01)
- <Possible follow-ups>
- Re: Using Null Session information from NAT.EXE Tom Fischer (Nov 01)
  - RE: Using Null Session information from NAT.EXE Pierre Kroma (Nov 03)
- Re: Using Null Session information from NAT.EXE Windex King (Nov 01)
  - How to sniff packets from afar? Shawn Duffy (Nov 05)
    - Re: How to sniff packets from afar? Penetration Testing (Nov 08)
    - Re: How to sniff packets from afar? ET LoWNOISE (Nov 08)
    - Re: How to sniff packets from afar? Dug Song (Nov 08)
- Re: Using Null Session information from NAT.EXE bluefur0r bluefur0r (Nov 03)
- Re: Using Null Session information from NAT.EXE H Carvey (Nov 05)