Chapter 27: Sniffing a LAN


Network traffic contains tons of valuable information, including passwords, credit card numbers, and confidential messages. The hacker can obtain all of this information using network sniffers. Network sniffing is equally interesting and dangerous. Popular sniffers do not conceal their presence and can be easily detected by administrators. Thus, the hacker who doesn't want to be caught red-handed must write a custom sniffer. This chapter describes sniffer anatomy and demonstrates how to write a custom network-sniffing utility. Developing a custom network sniffer is a good programming exercise, requiring the programmer to investigate the operating system internals in the finest detail and to study lots of networking protocols. In other words, the hacker who decides to write a custom network sniffer combines pleasure with profit. It is possible to use standard utilities, but this isn't as gratifying.

Goals and Methods of Attack

In common industry usage, sniffers are utilities for capturing and tracing network traffic addressed to another network node, or even all available traffic, whether or not it passes through this host. (However, Sniffer, when capitalized, is a trademark of Network Associates, which distributes the Sniffer Network Analyzer.) Most sniffers are legal tools for network monitoring that require no additional equipment. Nevertheless, their use is in general illegal without appropriate privileges (for example, service personnel may connect to local loops, yet clients do not have the right to do so).

The targets of attack can be LANs (based on either hubs or switches), wide area networks (WANs, including dial-up connections), satellite and mobile Internet connections, wireless networks (including infrared and Bluetooth connections), etc. This chapter concentrates mainly on LANs; the other network types are covered only briefly because they require a fundamentally different approach. Existing attacks can be divided, by the way they affect the target, into two types: passive and active. Passive sniffing lets the attacker capture only the traffic that physically passes through the given host. The remaining traffic can be obtained only by directly interfering with network processes (for example, by modifying routing tables or sending fictitious packets). Passive sniffing is generally considered hard to detect; however, this is not so. This topic is covered in more detail later in this chapter.
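The claim above that passive sniffers leave a detectable footprint is illustrated by the following added example (not code from the book): on Linux, a sniffer that wants traffic addressed to other hosts must put the NIC into promiscuous mode, and the kernel records that in the interface's flag word under `/sys/class/net/<if>/flags`. The sysfs path and the IFF_* bit values are from the Linux kernel; the sample flag table is constructed.

```python
"""Local check for NICs left in promiscuous mode on Linux.

Added example; not code from the book. Reads the kernel's raw flag word
from sysfs and reports interfaces with IFF_PROMISC set.
"""
import os

# Bit values from <linux/if.h> (stable kernel ABI).
IFF_UP = 0x1
IFF_PROMISC = 0x100

SYSFS_NET = "/sys/class/net"  # assumption: Linux with sysfs mounted


def parse_flags(text: str) -> int:
    """Parse the contents of /sys/class/net/<if>/flags, e.g. '0x1103\\n'."""
    return int(text.strip(), 16)


def classify(name: str, flags: int) -> dict:
    """Describe one interface's state from its flag word."""
    return {"name": name,
            "up": bool(flags & IFF_UP),
            "promisc": bool(flags & IFF_PROMISC)}


def promiscuous_interfaces(flag_table: dict) -> list:
    """Return the names (sorted) of interfaces whose flags have IFF_PROMISC set.

    flag_table maps interface name -> raw text of its sysfs flags file, so the
    logic can be exercised on constructed input without root or sysfs access.
    """
    return [name for name, text in sorted(flag_table.items())
            if classify(name, parse_flags(text))["promisc"]]


def read_sysfs_flags(root: str = SYSFS_NET) -> dict:
    """Collect the flags file of every interface under sysfs (empty if absent)."""
    table = {}
    if not os.path.isdir(root):
        return table
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                table[name] = fh.read()
        except OSError:
            continue  # entries without a readable flags file
    return table


# Constructed sample: eth0 = UP|BROADCAST|PROMISC|MULTICAST, lo = UP|LOOPBACK,
# wlan0 = UP|BROADCAST|MULTICAST (no promiscuous bit).
SAMPLE_FLAGS = {"eth0": "0x1103\n", "lo": "0x9\n", "wlan0": "0x1003\n"}

if __name__ == "__main__":
    live = read_sysfs_flags() or SAMPLE_FLAGS
    for iface in promiscuous_interfaces(live):
        print(f"{iface}: promiscuous mode set (possible sniffer)")
```

A sniffer that captures only traffic already addressed to the host (passive sniffing in the chapter's sense) needs no promiscuous mode and leaves no such footprint, so this check catches the common case rather than every case.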

Hubs and Related Pitfalls

Hubs, or concentrators, are multiport repeaters. Having received data on one of its ports, the repeater immediately forwards them to the other ports. In networks built on coaxial cable, repeaters are not mandatory components: with a common bus, it is possible to do without hubs (Fig. 27.1). In networks built on twisted-pair cable, and in star-topology networks built on coaxial cable, repeaters are present by default (Fig. 27.2). Switches, also known as intelligent hubs or routers, are a variant of repeaters that pass data only to the port of the network host to which the data are addressed. This eliminates the possibility of traffic capturing (in theory).

Figure 27.1: Common bus network topology
Figure 27.2: Star network topology


Shellcoder's Programming Uncovered
ISBN: 193176946X
Year: 2003
Pages: 164