
Thread: Network without DHCP server

  1. #11
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Quote Originally Posted by Thorn View Post
    Passive monitoring. Usually within about 5 minutes of monitoring you can observe everything you need to determine all those things.
    But is that possible on a switch?

    OOPS, I read too fast. We are talking about wireless. Forget what I said about MAC flooding :P
    - Poul Wittig

  2. #12
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by Deathray View Post
    But is that possible on a switch?

    OOPS, I read too fast. We are talking about wireless. Forget what I said about MAC flooding :P
    Yes, even wired, and even on a switched network. There are several options:
    1) Use the span port built into many switches.
    2) "Hub out" a machine or even a whole segment.
    3) Throw a tap on a machine/segment.

    Some of it depends on how open or stealthy you are, and what you have access to as far as wiring closets, etc. Even just "hubbing" or tapping a single machine will usually get you enough information to get the IP range, GW, and DNS info.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #13
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Thorn View Post
    Yes, even wired, and even on a switched network. There are several options:
    1) Use the span port built into many switches.
    2) "Hub out" a machine or even a whole segment.
    3) Throw a tap on a machine/segment.

    Some of it depends on how open or stealthy you are, and what you have access to as far as wiring closets, etc. Even just "hubbing" or tapping a single machine will usually get you enough information to get the IP range, GW, and DNS info.
    You forgot what we were talking about last week.

    Develop an Inductively Coupled Passive Tap, (ICPT), and monitor the traffic.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #14
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by Deathray View Post
    But is that possible on a switch?
    ARP Poisoning
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #15
    Just burned his ISO freebsd_man's Avatar
    Join Date
    Nov 2008
    Posts
    19

    Default

    Quote Originally Posted by Thorn View Post
    Passive monitoring. Usually within about 5 minutes of monitoring you can observe everything you need to determine all those things. Of course, you do need to have prior knowledge of TCP/IP to understand what you are looking at. If you do have that knowledge though, those settings are easy to figure out.
    If I understand you correctly, this means that I can get the IP and GW from a captured frame, actually without a connection to the network I'm looking for? Just raw monitoring and then an appropriate packet analyzer?

  6. #16
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by freebsd_man View Post
    If I understand you correctly, this means that I can get the IP and GW from a captured frame, actually without a connection to the network I'm looking for? Just raw monitoring and then an appropriate packet analyzer?
    Exactly. You can try this yourself with Wireshark if you have a second device that can act as the client on your AP. Simply use Wireshark to examine the packets that are transmitted and you should easily find all the information you need.
    -Monkeys are like nature's humans.

  7. #17
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Quote Originally Posted by theprez98 View Post
    ARP Poisoning
    But how will you ARP poison when you don't know the IP of the default gateway? Then you can't trick the targets into using the attacker as the GW.
    - Poul Wittig
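
Posts #14 and #17 refer to ARP poisoning, where hosts are led to treat another machine as the gateway. As an added example (not written by anyone in this thread), the defender's side of that: a check that flags any IP address whose MAC binding changes across captured ARP frames. The frames, addresses and function names are constructed for illustration.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[22:28]), ".".join(str(x) for x in frame[28:32])

def find_binding_changes(frames):
    """Report (frame_index, ip, old_mac, new_mac) whenever an IP's MAC changes."""
    seen, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":      # ARP probe: claims no address yet
            continue
        old = seen.get(sender_ip)
        if old is not None and old != sender_mac:
            alerts.append((index, sender_ip, old, sender_mac))
        seen[sender_ip] = sender_mac
    return alerts

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP frame for the sample data below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    addr = lambda a: bytes(int(p) for p in a.split("."))
    eth = raw(target_mac) + raw(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + raw(sender_mac) + addr(sender_ip) + raw(target_mac) + addr(target_ip)

# Constructed sample capture (documentation IP range, locally administered MACs).
GW, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
HOST, HOST_MAC = "192.0.2.10", "02:00:00:00:00:0a"
SAMPLE = [
    build_arp(1, HOST_MAC, HOST, "ff:ff:ff:ff:ff:ff", GW),   # who-has gateway
    build_arp(2, GW_MAC, GW, HOST_MAC, HOST),                # genuine reply
    bytes(60),                                               # non-ARP frame, ignored
    build_arp(2, "02:00:00:00:00:66", GW, HOST_MAC, HOST),   # gateway IP, new MAC
]

if __name__ == "__main__":
    for alert in find_binding_changes(SAMPLE):
        print("binding change:", alert)
```

A binding change can also be legitimate (a replaced NIC, a failover), so an alert is a prompt to check the segment rather than proof of poisoning.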

  8. #18
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by freebsd_man View Post
    If I understand you correctly, this means that I can get the IP and GW from a captured frame, actually without a connection to the network I'm looking for? Just raw monitoring and then an appropriate packet analyzer?
    Yes, essentially that's it. That, and the big packet analyzer located between your ears.
    Thorn
    Stop the TSA now! Boycott the airlines.

  9. #19
    Junior Member
    Join Date
    Jan 2010
    Posts
    46

    Default

    Someone correct me if I am wrong, but I believe it can be done with Kismet.

  10. #20
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by carboncopy View Post
    Someone correct me if I am wrong, but I believe it can be done with Kismet.
    Not exactly. Kismet will capture the packets, and may display an IP address, but that's about it. For full analysis you'll need to look at the captures with a packet analyzer.
    Thorn
    Stop the TSA now! Boycott the airlines.
