Hubs not secure!!

kenny504
Hubs are not secure because basically any information destined to any host connected to the hub is actually broadcast on everybody's wire. So with the right tool any host can "sniff" data even if it's not intended for them. The intended destination answers though. Right??

Well, let's see, I know there's a way to capture packets or maybe even raw data from this insecure means of transmission. Anybody know of any good programs out there that one can use to exploit this characteristic of these insecure network devices and capture data???

Not ethereal
There is no better than adversity, every defeat, every loss, every heartbreak contains its seed. Its own lesson on how to improve on your performance the next time.
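The forwarding behaviour described in the post above, as an added example that is not part of the original thread: a small simulation comparing how many frames reach a bystander's wire on a hub versus a MAC-learning switch. The class names, MAC addresses and traffic list are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Layer 1 repeater: repeats every frame out of every port but the ingress."""
    def __init__(self, n_ports):
        self.n_ports = n_ports

    def forward(self, in_port, src, dst):
        return [p for p in range(self.n_ports) if p != in_port]

class LearningSwitch:
    """Layer 2 switch: learns source MAC -> port, floods only when it must."""
    def __init__(self, n_ports):
        self.n_ports = n_ports
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:   # broadcast or unknown unicast
            return [p for p in range(self.n_ports) if p != in_port]
        return [] if out == in_port else [out]

def exposure(device, hosts, traffic):
    """Count, per host, frames that reached its wire but were addressed elsewhere."""
    port_of = {mac: port for port, mac in enumerate(hosts)}
    seen = {mac: 0 for mac in hosts}
    for src, dst in traffic:
        for port in device.forward(port_of[src], src, dst):
            if dst not in (hosts[port], BROADCAST):
                seen[hosts[port]] += 1
    return seen

# Constructed sample: three hosts on ports 0..2, A and B exchange four frames.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
HOSTS = [A, B, C]
TRAFFIC = [(A, B), (B, A), (A, B), (B, A)]

def run_demo():
    return (exposure(Hub(3), HOSTS, TRAFFIC),
            exposure(LearningSwitch(3), HOSTS, TRAFFIC))

if __name__ == "__main__":
    hub, switch = run_demo()
    print("hub:   ", hub)
    print("switch:", switch)
```

On the hub, host C receives all four frames of the A/B conversation; on the switch it receives only the first, which is flooded because B's port has not been learned yet.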

Comments

  • Slowhand (Mod)
    Are you trying to emulate the hubs, or sniff for packets? I'm a little confused by your question. If you just want a program to sniff for packets on a single collision domain (sometimes more), I'd say use Snort, or as you mentioned, Wireshark/Ethereal. . . hell, you can even use Windows Network Monitor. If you're looking for tools that will emulate the effects of having a layer 1 device where you currently have a layer 2 device, I can't help you. My suggestion would be to pick up a hub at CompUSA or BestBuy and test your sniffers on the real deal, which will probably be less of a hassle and give you better results than trying to configure some emulation software. Aside from probably being easier to configure, the actual hardware won't give you false positives, where an emulator may or may not perform the way you want it to unless you set it up exactly right and there are no bugs in the software.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • kenny504
    Thanks a lot buddy, I have heard of Snort, I'll try it now. Yeah, I edited the question; I really meant a good sniffer.
  • Slowhand (Mod)
    A good place for free tools in general is SourceForge, and I'm sure you can find all kinds of sniffers and network scanning utilities in the network monitoring section.

  • sprkymrk
    Slowhand wrote:
    you can even use Windows Network Monitor.

    The free version of netmonitor only sniffs packets originated from or destined to the host on which it is running. You probably knew but I thought I would mention it anyway.

    TCPDump/WinDump are also free, but on Windows boxes you need to install the libpcap driver first.
    All things are possible, only believe.
  • Slowhand (Mod)
    sprkymrk wrote:
    Slowhand wrote:
    The free version of netmonitor only sniffs packets originated from or destined to the host on which it is running. You probably knew but I thought I would mention it anyway.

    I'd actually forgotten that it was only able to pick up traffic on its own NIC (the free version, at least). Still, it should be able to analyze traffic that's being sent over a hub, since it's one big collision domain. You're right, though, TCPDump/WinDump is a good way to go.

  • seuss_ssues
    kenny504 wrote:
    Thanks a lot buddy, I have heard of Snort, I'll try it now. Yeah, I edited the question; I really meant a good sniffer.

    I'm not really one to come on here and disagree with people, but you might take another look at Ethereal/Wireshark. It is one of the best sniffers out there.

    http://sectools.org/
    It was listed as #2 on the top 100 security tools of 2006. The survey was answered by 3,243 hackers/security professionals through insecure's nmap-hacker's mailing list.

    edit
    Additionally, Snort is a full-fledged IDS. It would be more of a hassle to use if you are only trying to sniff traffic.
  • sprkymrk
    Slowhand wrote:
    sprkymrk wrote:
    Slowhand wrote:
    The free version of netmonitor only sniffs packets originated from or destined to the host on which it is running. You probably knew but I thought I would mention it anyway.

    I'd actually forgotten that it was only able to pick up traffic on its own NIC (the free version, at least). Still, it should be able to analyze traffic that's being sent over a hub, since it's one big collision domain.

    Unfortunately, collision domain or not, it only shows you packets that originated on your host, or packets that have your host as the destination address. Nice of MS to make a nice tool and then castrate it, huh?
  • Slowhand (Mod)
    sprkymrk wrote:
    Unfortunately, collision domain or not, it only shows you packets that originated on your host, or packets that have your host as the destination address. Nice of MS to make a nice tool and then castrate it, huh?

    That's because Microsoft loves us. . . the way a kid with a magnifying glass loves ants.

  • sprkymrk
    Slowhand wrote:
    sprkymrk wrote:
    Unfortunately, collision domain or not, it only shows you packets that originated on your host, or packets that have your host as the destination address. Nice of MS to make a nice tool and then castrate it, huh?

    That's because Microsoft loves us. . . the way a kid with a magnifying glass loves ants.


    On a related note, I just saw that MS released Netmonitor version 3.1, compatible with Vista and wireless.
  • keatron
    kenny504 wrote:
    Thanks a lot buddy, I have heard of Snort, I'll try it now. Yeah, I edited the question; I really meant a good sniffer.

    I'm not really one to come on here and disagree with people, but you might take another look at Ethereal/Wireshark. It is one of the best sniffers out there.

    http://sectools.org/
    It was listed as #2 on the top 100 security tools of 2006. The survey was answered by 3,243 hackers/security professionals through insecure's nmap-hacker's mailing list.

    edit
    Additionally, Snort is a full-fledged IDS. It would be more of a hassle to use if you are only trying to sniff traffic.

    Snort is only a full-fledged IDS if you configure it to be one. In most flavors you have three modes: IDS, Logging, and yes... Sniffer mode.

    You might also want to look at Ettercap as well. It gives you "most" of the same sniffing capabilities on a switched network that you would have on a single collision domain based network. Also if you're interested in security, it will get you interested in things such as ARP spoofing and the like (since it includes this functionality).