In this post, we’ll show you how to map out your network, take a peek under the covers to see who’s talking to what, and how to uncover devices or processes that may be sucking up bandwidth. Additional images by Thomas van de Weerd and Linux Screenshots. Title photo made using Christos Georghiou. Let’s talk about how you can, with the power of evil, sniff around your home network to make sure you don’t have any uninvited guests. Inside it lies tons of valuable information - unencrypted files, personal, private data, and perhaps most importantly, computers that can be hijacked and used for any purpose. This is to stop ARP poisoning by blocking gratuitous ARPs where an IP is moving from one Ethernet port to another. Your home network is your fortress. Where this won't work is when "port security" has been enabled on the switch, a not uncommon practice. Your machine will now forward packets through its IP stack as if it were the gateway. The interesting machines will unwittingly send all gateway/default route destined traffic to your machine. It tricks your interesting hosts (and the switch) into believing that your machine's MAC address now owns the IP of the old IP gateway by sending out a "gratuitous ARP". Enter Ettercap, which is an ARP poisoning tool. So you need a way to act as an Ethernet bridge between the interesting hosts and their gateway but without being physically in the path. This still won't let them be captured by Wireshark/tcpdump, however. Most managed switches (not a dumb desktop one) allow you to designate a port mirror so that all Ethernet frames are replicated on a specific port where you can attach a machine in promiscuous mode and capture "foreign" Ethernet frames using tcpdump/Wireshark. Therefore, you will only see Ethernet frames destined to or originating from your NIC including broadcast Ethernet frames, such as ARP, but not foreign traffic.
This is to reduce collisions associated with Ethernet hubs (something you rarely see these days). The problem you have is that an Ethernet switch is designed so that it learns the MAC addresses on each port and uses this to "route" Ethernet frames to the correct port based on their MAC address. You should be able to Wireshark/tcpdump the information you require. One way to achieve what you want is to use an ARP poisoning tool, such as Ettercap.