Ethereal & Network Sniffing

4:16 pm on October 27th, 2005 | Tech

Well, I’ve finally decided to blog after a period of almost five months. The main reason that I stopped blogging is that I didn’t see the point when no one’s there to see or comment on my blog. As more and more of my friends started getting into 360 I thought that the blog might need reconsideration. So here I am finally.

These days I really am busy since I’ve stopped bunking classes and started taking them a little more seriously. Also my semester is nearing an end so my workload is starting to increase with all the lab tests and viva voces going on.

These days I’m interested more in computer networks and the way they work. As I know most of the basics I started getting into some serious stuff. After one learns about the types of computer networks available and the way to configure them, sniffing is one of the best ways to understand the way computers on the network communicate with one another. Sniffing is often frowned upon as a hacking technique but it is an important and integral part of network analysis and troubleshooting. Not that I’m trying to say that hacking is taboo. In fact I worship it. Let’s see what sniffing is:

Sniffing Techniques:

Sniffing: Passive interception and reading of network traffic. Normally a computer’s network connection ignores traffic that is not addressed to it, but when sniffing, the adapter runs in promiscuous mode and the computer picks up everything.

The Prerequisites To Start Sniffing:

  • A computer with at least one network adapter. (But of course)
  • Physical access to a computer network. (Preferably a large one)
  • A decent amount of RAM (optional).

Once you have the above you are good to go. When I said ‘Physical Access’, I meant it, because to sniff a network you need not have a login and password etc. You just need a cable with an RJ45 jack that connects you to a network. RAM is optional because it depends on the type of network you are going to sniff. When you are thinking of sniffing a network of say a few hundred systems you had better have a minimum of 512MB of RAM or your system is bound to hang. (Oh boy, with the number of times I’m saying the word sniff I already feel like a dog.)

Sniffing programs abound on the internet. The best one I would suggest would be Ethereal’s Windows version (http://www.ethereal.com/distribution/win32/). It simply has tons of features and it’s free to use. It works best on UNIX or Linux based systems but the win32 version works just fine. You need to install the WinPcap library too for it to work properly. How you use Ethereal is pretty basic so I think I need not go into those details. Also there are always the user manuals and help menus supplied with the programs.

The second most important thing in a network before you start sniffing is to avoid getting caught by someone who is shrewder than you.

Word of Advice To Those Who Think They Are Kool: There’s always someone better than you.

So let’s get back to avoiding detection. Is it important? Yes, for large and sensitive networks there are always firewalls and loggers that log every single move of yours. For smaller or less monitored networks, like college networks, it’s not so important. So how do you do it? Simple: spoof your IP. What is IP spoofing? Put simply, it is showing your IP as something else to the whole network, or simply changing your IP for a brief period. Also, when you change your IP be sure to change your MAC address too.

MAC Address: Media Access Control. This is a commonly referred-to sublayer of the data link layer in the ISO network reference model. In layman’s language it is a kind of watermark of the company’s name put on the network adapter by the manufacturer. It is unique for each and every network adapter. So be very careful.

Make a note that not all network adapters allow you to change the MAC address. So here’s a system limitation that one has to live with.
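A defender's view of the IP and MAC changes described above, as an added example that is not part of the original post: it reads address observations such as an ARP monitor would record and flags an IP that moves to a new MAC, a MAC that claims a new IP, and any MAC with the locally-administered bit set (assigned in software rather than from a manufacturer's block). The sample observations and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (time, IP, MAC), as an ARP monitor might log them.
SAMPLE_OBSERVATIONS = [
    ("10:00:01", "192.0.2.10", "00:11:22:AA:BB:01"),
    ("10:00:05", "192.0.2.11", "00:11:22:aa:bb:02"),
    ("10:03:40", "192.0.2.10", "02:de:ad:be:ef:01"),  # same IP, different MAC
    ("10:04:10", "192.0.2.55", "00-11-22-aa-bb-02"),  # same MAC, different IP
]


def parse_mac(mac):
    """Return the six octets of a MAC written with ':' or '-' separators."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    octets = [int(p, 16) for p in parts]
    if any(o < 0 or o > 0xFF for o in octets):
        raise ValueError(f"octet out of range in {mac!r}")
    return octets


def normalize(mac):
    return ":".join(f"{o:02x}" for o in parse_mac(mac))


def is_locally_administered(mac):
    """U/L bit (0x02 in the first octet) set: address was not burned in by a vendor."""
    return bool(parse_mac(mac)[0] & 0x02)


def find_anomalies(observations):
    """Return (time, finding, ip, mac) tuples in the order they were observed."""
    ip_to_macs, mac_to_ips = defaultdict(set), defaultdict(set)
    findings = []
    for ts, ip, raw_mac in observations:
        mac = normalize(raw_mac)
        if is_locally_administered(mac):
            findings.append((ts, "locally-administered MAC", ip, mac))
        if ip_to_macs[ip] and mac not in ip_to_macs[ip]:
            findings.append((ts, "IP moved to new MAC", ip, mac))
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            findings.append((ts, "MAC claimed new IP", ip, mac))
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_OBSERVATIONS):
        print(*finding, sep="  ")
```

A locally-administered address on its own is only a lead, since virtual machines and privacy-randomizing clients use such addresses legitimately; it carries more weight when it coincides with one of the other two findings.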

Once you do all the above you are ready to be a dog, sorry, you are ready to sniff the network, Blood Hound Style. What you sniff on the network is clearly an ethical issue which I’m not going to go into. You can sniff anything and everything. But the network traffic that is encrypted remains encrypted; that’s the whole point of encryption, isn’t it? Apart from that, everything from HTTP passwords to plain-text conversations lights up like Christmas lights. You can even eavesdrop on VoIP conversations and Yahoo chats with some custom-made adjustments. So from here you are on your own.

I welcome any comments, suggestions, questions. Feel free to do so by replying to my blog. I would be more than glad to answer any queries.
