UGN Security Forums
#9307 - 03/08/02 09:28 AM got a brand new toy....
Soap Offline
Member

Registered: 03/08/02
Posts: 119
Loc: AfriKA
I just d/l-ed a sniffer, and must say I am having a lot of fun with it on my ethernet network.
I understand, if it's routed, the beginning of the packet is the source MAC to dst MAC which is the next router to get to the desired dest IP specified.
ok now, how does it work on the internet, with ppl who don't have a network card, or who connect to the net with a modem for example.
What is the source MAC?? is it that 45-44-00-00 or smtg ...correspondence i get while scanning winBOXes...
And do we broadcast? Does everyone on the subnet use FF-FF-FF-FF-FF-FF destination or use the network's router MAC@??

And how would one go about sniffing on smtg else than ethernet? (Modem OR serial?? (my fone connects to my laptop thru serial and uses its own modem to connect, anyone ever tried sniffing there...?))

thx

#9308 - 03/08/02 01:53 PM Re: got a brand new toy....
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
/me tries to make sense of your questions...

(disclaimer: answers are given based upon my knowledge of TCP/IP and may be wrong if you use NETBIEU (sp?) or IPX as your ethernet protocol)

"I understand, if it's routed, the beginning of the packet is the source MAC to dst MAC which is the next router to get to the desired dest IP specified."

MAC addresses are mostly important when you're using hubs to route packets. You set up your network and you CAN program some hubs to route packets based upon MAC addresses. A MAC address should always be unique in a network setting so that they can represent that computer properly. MAC addresses are derived from the network card. Since sometimes you may get a conflict where more than one card has the same MAC address, depending on the card, you can change it. Some people believe that all MAC addresses are unique and cannot be changed. Don't listen to them. In a packet: SRC MAC = sending computer, DST MAC = destination computer.

"ok now, how does it work on the internet, with ppl who don't have a network card, or who connect to the net with a modem for example."

The internet doesn't use MAC addresses like that. Instead we've got the TCP/IP system. In that system, each computer is represented by a 32-bit number (IP). Routing is possible because there are routing tables that are passed around amongst routers to let them know where packets go. If a router doesn't know where a packet should go, they send it to a router that might know. Eventually the packet will make it to its destination, or if it never gets there, an ICMP error response is sent back to the sender.

"What is the source MAC?? is it that 45-44-00-00 or smtg ...correspondence i get while scanning winBOXes..."

The source MAC is simply the address programmed into your network card.

For information about your ethernet card
type this into your command prompt:
ipconfig /all | more

The Physical Address is my MAC address for an adapter. It will look something like '00-C0-F0-78-30-CD'

The MAC address coming from a modem user will be a MAC address of the computer the user is dialed into.

"And do we broadcast?"

uh, broadcasting relates to UDP datagrams which get sent across an entire submask.

"Does everyone on the subnet use FF-FF-FF-FF-FF-FF destination or use the network's router MAC@??"

For broadcasting? FF-FF-FF-FF-FF-FF always.

"And how would one go about sniffing on smtg else than ethernet?"

What is smtg? I just might be unfamiliar with the acronym. But to give a generalized response... There are two different kinds of sniffers. There's a 'Packet Sniffer' which will log data being sent to and from your computer. Then there's an 'Ethernet Sniffer' which is only useful on networks where you don't have switching and can therefore ALSO log information sent between other computers on that network.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#9309 - 03/08/02 02:00 PM Re: got a brand new toy....
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7192
Loc: Portland, OR; USA
dont dog ipx i use it on my network for gaming :x

and sr, i think he meant something :x
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

#9310 - 03/08/02 04:51 PM Re: got a brand new toy....
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
**** internet acronyms encouraging laziness across the internet. One day we'll have to take a class to learn the "Internet Language" so that you can freakin speak to people.

Anyway, as to that last question which I NOW UNDERSTAND...

For Modem users:
Get a Packet Sniffer - not an Ethernet sniffer. I answered your question by chance, but now you have a more definite to-the-point answer.

For ANY NETWORK ethernet or otherwise
Ethernet Sniffer. Yes even NETBIEU and IPX SHOULD be supported by your ethernet sniffer in analysis. Otherwise, you SHOULD at least see the data in the raw.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#9311 - 03/18/02 08:37 AM Re: got a brand new toy....
Soap Offline
Member

Registered: 03/08/02
Posts: 119
Loc: AfriKA
ok thanks for the info...
ERm, I realise I think I made a mistake because I sniffed Only ethernet packets... maybe if I sniff Modem PPP connection packets, I'll only get the IP header (and data) without the Ethernet header, is that right?
And about the MAC addresses for winboxes I can't remember it exactly because wait....
maybe I'll find someone on my local network with a winPC
[...]
got it !
44:45:53:54:00:00
wut does that mean?? It can't be used to route packets...so WTF??
And on an XP however it's
00-53-45-00-00-00
which is (a little diff...) but stays noticeable against real ethernet cards MAC@

l8s

I'll be goooogling to "packets sniffers"....

#9312 - 03/18/02 01:18 PM Re: got a brand new toy....
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
00-53-45-00-00-00 00-53-45-00-00-00

Those could be MAC addresses, yes. MAC addresses are always 6 bytes - and that up there is the standard format you read them.

I think the difference between a standard packet sniffer and an ethernet sniffer is how they're implemented. I believe a standard packet sniffer will ALWAYS sniff the packets going to your machine whether you're on a modem or ethernet card. You just gotta bind the packet sniffer to the correct adapter that you'll be receiving data on. But you need an ethernet sniffer to read data on a network that ISN'T directed to your computer. While the packet sniffer hooks an adapter, the ethernet sniffer may go a lower level and hook the ethernet card itself.

I'm hypothesizing here. You really should go look this stuff up and learn for yourself. Other people may tell ya wrong.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net
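
Added example, not part of any post in this thread: a small Python parser for the question of what a capture on an Ethernet adapter contains compared with one on a PPP (modem) adapter. It assumes the pcap link types 1 (Ethernet II) and 9 (PPP) and an uncompressed 2-byte PPP protocol field; the sample frames, MAC addresses, IP addresses and function names are constructed for illustration.

```python
import socket
import struct

LINKTYPE_ETHERNET = 1  # pcap link type: Ethernet II
LINKTYPE_PPP = 9       # pcap link type: PPP

# Constructed sample data: one IPv4 header in an Ethernet frame and a PPP frame.
IP_HDR = bytes.fromhex("450000140000000040010000c0a8000ac0a80001")
ETH_FRAME = bytes.fromhex("020000000001" "020000000002" "0800") + IP_HDR
ARP_BCAST = bytes.fromhex("ffffffffffff" "020000000002" "0806") + bytes(28)
PPP_FRAME = bytes.fromhex("ff03" "0021") + IP_HDR

def fmt_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)

def parse_ipv4(packet):
    # Source and destination addresses sit at bytes 12-15 and 16-19.
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def parse_frame(linktype, frame):
    """Split a captured frame into link-layer fields and IPv4 addresses."""
    info = {"src_mac": None, "dst_mac": None, "broadcast": False, "ip": None}
    if linktype == LINKTYPE_ETHERNET:
        if len(frame) < 14:
            raise ValueError("truncated Ethernet header")
        dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        info.update(src_mac=fmt_mac(src), dst_mac=fmt_mac(dst),
                    broadcast=(dst == b"\xff" * 6))
        if ethertype != 0x0800:      # e.g. ARP 0x0806: no IPv4 header follows
            return info
        payload = frame[14:]
    elif linktype == LINKTYPE_PPP:
        # Optional address/control bytes FF 03, then a 2-byte protocol field.
        off = 2 if frame[:2] == b"\xff\x03" else 0
        if len(frame) < off + 2:
            raise ValueError("truncated PPP header")
        (proto,) = struct.unpack("!H", frame[off:off + 2])
        if proto != 0x0021:          # 0x0021 = IPv4 carried in PPP
            return info
        payload = frame[off + 2:]    # PPP has no MAC address fields at all
    else:
        raise ValueError("unsupported link type")
    info["ip"] = parse_ipv4(payload)
    return info

if __name__ == "__main__":
    for lt, f in ((1, ETH_FRAME), (1, ARP_BCAST), (9, PPP_FRAME)):
        print(lt, parse_frame(lt, f))
```

The Ethernet results carry both MAC addresses and flag the FF-FF-FF-FF-FF-FF destination as broadcast, while the PPP result has the same IP addresses and no MAC fields.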
