
Thread: Bring back the hub!

  1. #11
    penguin_to_bits (Guest)

    OK I'll be more specific. What program(s) should I use for sniffing a switched network? Ettercap has been suggested. Do others agree?

    Does Ettercap work by means of ARP poisoning? Once all the hosts on the network have been poisoned, can I just use Wireshark to sniff the traffic?

    I realise that Wireshark has filters, but is there any more sophisticated sniffing software you can use to sniff very particular things, like Samba passwords for instance?

  2. #12
    imported_spankdidly (Senior Member; Join Date: Feb 2006; Posts: 1,031)

    You can't sniff a network (Wireshark) without ARP-poisoning. You could with a hub. You need to ARP-poison to get everything on a switched network. Man, just go download Cain and Abel.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  3. #13
    pipboy (Junior Member; Join Date: Apr 2007; Posts: 30)

    Pffttt amateur. You don't need any programs. No Poising is required since hubs are layer One. Real pros just use a steady hand and keep track of the bits by eye.

  4. #14
    Barry (My life is this forum; Join Date: Jan 2010; Posts: 3,817)

    Quote (originally posted by pipboy):
    "Pffttt amateur. You don't need any programs. No Poising is required since hubs are layer One. Real pros just use a steady hand and keep track of the bits by eye."

    Decode the flashes off the LEDs on the NICs.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #15
    streaker69 (Senior Member; Join Date: Jan 2010; Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA; Posts: 3,535)

    Quote (originally posted by Barry):
    "Decode the flashes off the LEDs on the NICs."

    I hold the CAT5 in my hand and decode the packets by feeling the EMF.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #16
    hhmatt (Very good friend of the forum; Join Date: Jan 2010; Posts: 660)

    Quote (originally posted by streaker69):
    "I hold the CAT5 in my hand and decode the packets by feeling the EMF."

    It's true! I've even seen him do that with STP wiring.

  7. #17
    pipboy (Junior Member; Join Date: Apr 2007; Posts: 30)

    My hands have been hardened by years of infantry work, so I have to resort to packet tasting. My favorite taste would have to be class C subnet masks. Mmmm, On bits taste tingly.





    ps. hhmatt81 Look up the difference between a switch and a hub and then look up what ARP actually does, best to understand the equipment and protocols before you go around trying to break them.

  8. #18
    hhmatt (Very good friend of the forum; Join Date: Jan 2010; Posts: 660)

    Quote (originally posted by pipboy):
    "ps. hhmatt81 Look up the difference between a switch and a hub and then look up what ARP actually does, best to understand the equipment and protocols before you go around trying to break them."

    What makes you think I don't know the difference?

    **EDIT**

    Are you really that dumb that you don't know when you're being made fun of?

    1) You posted a reply to a senior member's post that in 1 day will be a month old.
    2) If you would have actually read the post you would clearly see that he mentioned arp poisoning is required UNLESS you use a hub.
    3) Then you make a retarded comment about being able to see the bits of data streaming across the wire.
    4) Now you're trying to say that I have no idea what the difference between a hub and a switch is when there is nothing to back up your theory.
    5) On top of that you make another statement that you cannot feel the bits but rather you use your tongue to taste the on bits. When originally you were talking about having a steady hand and watching the physical electric data stream.
    6) Poising has nothing to do with ARP Poisoning.
    7) When have I ever made you believe I am trying to break equipment or protocols?
    8) If I wanted to break the equipment I would go and get a hammer.
    9) ARP is an addressing resolution protocol which means that it resolves MAC addresses to Internet Protocol addressing. Hence the resolution.
    10) Hubs are dumb and do nothing but broadcast every packet frame to every port on the hub.
    11-14) Switches carry an addressing table and will forward every packet frame to the proper port according to the ARP table. This is where ARP poisoning comes in. ARP-Poisoning changes the ARP table on a switch by sending it several malicious ARP packets to change the table to read that the attacker is the actual gateway and will then forward packets to the gateway, which the attacker will then send on to the real gateway. This provides all packets to go through the attacker, which will then be able to sniff each packet frame as it comes in or out. ARP poisoning does not cause the switch to act like a hub; it simply changes the gateway address.
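
Added example, not part of the original thread: a defender-side check for the ARP poisoning discussed above. It parses raw ARP payloads and flags any IP address that a second MAC address starts claiming; the addresses, the `build_arp` helper and the sample messages are constructed for illustration.

```python
import struct

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload (RFC 826); None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = payload[8:14], payload[14:18]
    return {"op": op, "mac": sha.hex(":"), "ip": ".".join(map(str, spa))}

def find_rebinds(payloads, trusted=None):
    """Alert on each ARP message whose sender IP is claimed by a new MAC.

    trusted: optional {ip: mac} of pinned bindings (e.g. the gateway).
    Returns (index, ip, known_mac, claimed_mac) tuples.
    """
    bindings = dict(trusted or {})
    alerts = []
    for i, raw in enumerate(payloads):
        arp = parse_arp(raw)
        if arp is None:
            continue  # truncated or non-IPv4 ARP: ignore
        known = bindings.setdefault(arp["ip"], arp["mac"])  # learn on first sight
        if known != arp["mac"]:
            # Keep the first binding so a spoofer cannot overwrite it.
            alerts.append((i, arp["ip"], known, arp["mac"]))
    return alerts

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP payload for the sample data below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sender_mac)
            + ip(sender_ip) + mac(target_mac) + ip(target_ip))

# Constructed sample: op 1 = request, op 2 = reply.
GW, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:06", "02:00:00:00:00:99"
SAMPLE = [
    build_arp(2, GW, "192.168.0.1", HOST, "192.168.0.6"),     # real gateway
    build_arp(1, HOST, "192.168.0.6", "00:00:00:00:00:00", "192.168.0.1"),
    build_arp(2, ROGUE, "192.168.0.1", HOST, "192.168.0.6"),  # gateway IP rebound
    b"\x00\x01\x08\x00",                                       # truncated
]

if __name__ == "__main__":
    for idx, ip, known, claimed in find_rebinds(SAMPLE):
        print(f"msg {idx}: {ip} was {known}, now claimed by {claimed}")
```

A legitimate MAC change (replaced NIC, failover) raises the same alert, so pin the gateway in `trusted` and review the other hits.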

  9. #19
    pipboy (Junior Member; Join Date: Apr 2007; Posts: 30)

    "What makes you think I don't know the difference?" ... you want to ARP poison a hub?

    I didn't mean to be insulting. Maybe I'm wrong and some crafty person could find a way to do it. But a Hub is to my knowledge a layer one device, meaning that it really does not deal with sorting traffic. Thus it wouldn't really need MAC address and poising between user and the hub wouldn't be possible. And it's a bit late so brain's a lil foggy, but since a user really does not have control of the data flow (hub) it's not really like he can say "hey I swear I'm 192.168.0.6 send data to me instead" unless you're gonna mess with the ISP, which would be rude since they also must be giving you quite a few IP addresses (no NAT (assuming they don't have router backbone or something funny))..


    ps.. damn you, you're making me overthink while I'm tired and now I have really long run-on sentences... GOOD PEOPLE HAD TO READ THIS!!! YOU MADE ME DO THIS!!



    pss. calm down there. Most if not ALL of your argument is attacking my sense of humor or wordplay. You going out and explaining something that I already know does not make me look bad either. "Poising has nothing to do with ARP Poisoning" And yet I was responding to "Would you use ARP poisoning?". And yet again "breaking" is just a friendly way of talking about hacking considering often why you try and hack, simply breaks.
