Author Topic: LAN security and sniffing  (Read 5890 times)

0 Members and 1 Guest are viewing this topic.

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
LAN security and sniffing
« on: December 11, 2015, 07:35:49 am »
Hi Everyone,
I don't know if that's proper section of forum, but to the point.

Yesterday I used 2 computers to make telnet connection in school. They were next to each other. IP 192.168.100.12 192.168.100.13

I launched wireshark and I wanted to see telnet packets and It worked I saw commands I typed :)

But, Is it possible to sniff these packets by another computer in classroom for example 192.168.100.20(which is at the end of the classroom)

I think that would be impossible because There is a managed switch, as we know switch sends packet to destination port unlike Hub that directs packet to all ports.

Could anyone give an opinion?

Conrad

Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18180
  • Karma: 476
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: LAN security and sniffing
« Reply #1 on: December 11, 2015, 01:26:28 pm »
if all PC's are connected to the switch, including the two that are right next to each other .. why would you expect the switch to interfere ?

or are the two that are next to each other connected in some other way that doesn't go via the switch ?
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Re: LAN security and sniffing
« Reply #2 on: December 11, 2015, 02:05:21 pm »
All 10 PC's are connected to management switch Netgear,

Technically is it possible to sniff packet that not directed to you?
For example I'm 192.168.100.12
And other 2 PC(for example192.168.100.20, 192.168.100.21)that communicate each oder(by telntet)  excluding me.
You know I don't take part in communication between them.
As we know switch for example get packet from 192.168.100.20 and has to sent it to receiver.

So I suspect that's impossible to sniff packet that's not directed to you, in case when you've got a hub that would be possible because it sends packets to everybody.
Am I correct?  :)

Conrad

Wysłane z mojego OV-V10 przy użyciu Tapatalka


Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18180
  • Karma: 476
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: LAN security and sniffing
« Reply #3 on: December 11, 2015, 07:48:25 pm »
I'm still wondering why you'd think

192.168.100.12 <--> switch <--> 192.168.100.13

would work, but

192.168.100.12 <--> switch <--> 192.168.100.20

wouldn't .. as they both go via the switch ??
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Re: LAN security and sniffing
« Reply #4 on: December 11, 2015, 08:36:39 pm »
I attach explanation from one page

"Each serves as a central connection for all of your network equipment and handles a data type known as frames. Frames carry your data. When a frame is received, it is amplified and then transmitted on to the port of the destination PC. The big difference between these two devices is in the method in which frames are being delivered.

In a hub, a frame is passed along or "broadcast" to every one of its ports. It doesn't matter that the frame is only destined for one port. The hub has no way of distinguishing which port a frame should be sent to. Passing it along to every port ensures that it will reach its intended destination. This places a lot of traffic on the network and can lead to poor network response times."

I mean frames in switch are like multicast,unicast. Frame is delivered  from one PC into another PC that is connected to port in switch.

Meanwhile hub is like broadcast,  it handle frames to all ports.

I believe when we've got a switch it is impossible to sniff, hear frames, packets, using Wireshark because you're not a receiver.

Conrad

Wysłane z mojego OV-V10 przy użyciu Tapatalka


Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18180
  • Karma: 476
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: LAN security and sniffing
« Reply #5 on: December 11, 2015, 11:05:32 pm »
I'm not questioning the documentation...

What I can't get my head around is why you say it DOES work between 2 PC that have the switch between them

but you think it WOULDN'T work between two different PC's that only have the same switch between them

that doesn't make sense .. in your example, the network topography is EXACTLY the same between
192.168.100.12 <--> switch <--> 192.168.100.13
and
192.168.100.12 <--> switch <--> 192.168.100.20
so why would one work, and the other not ?
« Last Edit: December 11, 2015, 11:07:12 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Re: LAN security and sniffing
« Reply #6 on: December 12, 2015, 09:48:22 am »
Ok Mark, I'll find out packet sniff at Monday. And I'll let you know.


Wysłane z mojego OV-V10 przy użyciu Tapatalka


Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18180
  • Karma: 476
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: LAN security and sniffing
« Reply #7 on: December 12, 2015, 12:07:35 pm »
or are you saying that 192.168.100.12 and 192.168.100.13 are connected via a hub (which is in turn connected to the switch) .. but 192.168.100.20 is on the other side of the switch without being on the  same hub ?
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Re: LAN security and sniffing
« Reply #8 on: December 12, 2015, 08:54:08 pm »
No no, everything is connected to one switch and there's no Hub.


Wysłane z mojego OV-V10 przy użyciu Tapatalka


 


SimplePortal 2.3.3 © 2008-2010, SimplePortal