Re: sniffing plaintext protocols

[Shreyas Zare <shreyasonline () yahoo com>]

Hi,

> I have read many articles about sniffing, spoofing
> and relaying.
> So far I learned that it is possible to connect a
> host, hostA, between two 
> existing hosts, host1 and host2, in order to sniff
> e.g. plaintext protcols 
> like telnet, pop3, and ftp.


You can sniff traffic between two or more hosts if you
are on the same network. Ethereal is a very famous and
FREE sniffing tool, you can get it from
www.ethereal.com

> 1)
> Is this only in a local network possible or also in
> the Internet?

Its possible if and only if you lie on the same
network. The network may be private/internet. You must
be connected to the same pipe. 

Another ways of sniffing would be like getting remote
access to a host with help of a trojan and use a
sniffing code inside the trojan to capture packets in
files and email it to you.

You can also sniff a ethernet cable using a wire Tap
if you dont have network access. Tap device would
require you to have physical access to the ethernet
cable, and be able to cut it, connect both the ends to
it and connect the third end to your machine. All the
packets/frames passing through the ethernet cable will
be tapped and you will be able to sniff it using a
sniffing software.

If the network is wireless... no problem, just get a
wi-fi card and start sniffing (you must be in the
wi-fi access point range by the way)


> 2)
> I would lik to test such a scenario in my private
> local network in order to 
> prove myself and my team, that this is really
> possible.

Yes. Use Ethereal. If you are using a Hub inside your
network, you would see all the packets to/from all the
hosts connected to the hub. If you are using a switch,
you would see all the packets to/from your machine and
broadcast packets. You can sniff packets from another
machines connected to the switch with a technique
known as ARP Poisoning. This method is called active
sniffing.


> Can anybody provide me a kind of how-to for this
> scenario.
> I run different linux machines on my local network
> and on hostA I have various 
> tools installed like dsniff, hunt, fakerout,
> P.A.T.H, wireshark, etc.


Ethereal is also available for Linux. Just install it,
run it, start sniffing on the interface you are
connected to the network.

Finally, you must have good know how about different
protocols. If you are new, all the packets sniffed by
ethereal may overwhelme you.




Shreyas Zare
Co-Founder, Technitium

eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com


Technitium Personal Computers
We belive in quality.
Visit http://pc.technitium.com for details.







__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------