Security Basics mailing list archives
Re: packet sniffing help needed.
From: yaoki () hawaii edu
Date: 7 Dec 2005 19:19:03 -0000
yes, this is possible. An easier way to accomplish this is with a hub like so: C1< --HUB-->ISP<--- > C3 C2-----¦ Make sure to use a hub, not a switch, as switches isolate traffic at the datalink layer & hubs are just dumb repeaters at the physical layer. The scenario you proposed may run into switch isolation on the internet. If you run into problems with that setup do try the HUB approach to gather the sniff results you are after. Your case is a controlled experiment with full consent, so not an MITM attack. If any of the parties in the communication were unaware of your monitoring then yes, it would be a MITM attack in such cases (even without data modification). Its all about consent. The alerts you mention are simple advisories as you suggested. What you will see in your packet captures will be plain text html pages that you will be able to read. Then hop onto an HTTPS site if you care to & you will find the pages to be encrypted, so unreadable by a third-party observer. I have to get back to my books..its serious crunch mode time for me. If you encounter further problems there are folks here who can help you out further. Hope this helped! -mark aoki
Current thread:
- packet sniffing help needed. Mark Knowles (Dec 06)
- Re: packet sniffing help needed. Dale Fay (Dec 07)
- RE: packet sniffing help needed. David Gillett (Dec 07)
- Re: packet sniffing help needed. dallas jordan (Dec 07)
- Re: packet sniffing help needed. Rodrigo Blanco (Dec 09)
- Re: packet sniffing help needed. Mark Knowles (Dec 09)
- <Possible follow-ups>
- RE: packet sniffing help needed. Beauford, Jason (Dec 07)
- Re: packet sniffing help needed. yaoki (Dec 07)
- Re: packet sniffing help needed. ilaiy (Dec 07)