Previous Thread
Next Thread
Print Thread
Rate Thread
#9307 03/08/02 02:28 AM
Joined: Mar 2002
Posts: 119
Soap Offline OP
Member
OP Offline
Member
Joined: Mar 2002
Posts: 119
I just d/l-ed a sniffer, and must say I am having alot of fun with it on my ethernet network.
I understand, if it's routed, the beginning of the packet is the source MAC to dst MAC with is the next router to
get to the desired dest IP specified.
ok now, how does it work on the internet, with ppl who don't have a network card, or who connect to the net with a modem for example.
What is the source MAC?? is it that 45-44-00-00 or smtg ...corespondance i get while scanning winBOXes...
And do we broadcast? Does everyone on the subnet use FF-FF-FF-FF-FF-FF destination or use the network's router MAC@??

And how would one go about sniffing on smtg else than ethernet? (Modem OR serial??(my fone connects to my laptop thru serial and uses its own modem to connect anyone ever tried sniffing there...?)

thx

#9308 03/08/02 06:53 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
DollarDNS Owner
Joined: Mar 2002
Posts: 1,273
/me tries to make sense of your questions...

(disclaimer: answers are given based upon my knowledge of TCP/IP and may be wrong if you use NETBIEU (sp?) or IPX as your ethernet protocol)

"I understand, if it's routed, the beginning of the packet is the source MAC to dst MAC with is the next router to get to the desired dest IP specified."

MAC addresses are mostly important when you're using hubs to route packets. You setup your network and you CAN program some hubs to route packets based upon MAC addresses. A MAC address should always be unique in a network setting so that they can represent that computer properly. MAC addresses are derived from the network card. Since sometimes you may get a conflict where more than one card has the same MAC address, depending on the card, you can change it. Some people believe that all MAC addresses are unique and cannot be changed. Don't listen to them. In a packet: SRC MAC = sending computer, DST MAC = destination computer.

"ok now, how does it work on the internet, with ppl who don't have a network card, or who connect to the net with a modem for example."

The internet doesn't use MAC addresses like that. Instead we've got the TCP/IP system. In that system, each computer is represented by a 32-bit number (IP). Routing is possible because there are routing tables that are passed around amongst routers to let them know where packets go. If a router doesn't know where a packet should go, they send it to a router that might know. Eventually the packet will make it to it's destination, or if it never gets there, a ICMP error response is sent back to the sender.

"What is the source MAC?? is it that 45-44-00-00 or smtg ...corespondance i get while scanning winBOXes..."

The source MAC is simply the address programmed into your network card.

For information about your ethernet card
type this into your command prompt:
ipconfig /all | more

The Physical Address is my MAC address for an adapter. It will look something like '00-C0-F0-78-30-CD'

The MAC address coming from a modem user will be a MAC address of the computer the user is dialed into.

"And do we broadcast?"

uh, broadcasting relates to UDP datagrams which gets sent across an entire submask.

"Does everyone on the subnet use FF-FF-FF-FF-FF-FF destination or use the network's router MAC@??"

For broadcasting? FF-FF-FF-FF-FF-FF always.

"And how would one go about sniffing on smtg else than ethernet?"

What is smtg? I just might be unfamiliar with the acronym. But to give a generalized response... There are two different kinds of sniffers. There's a 'Packet Sniffer' which will log data being sent to and from your computer. Then there's a 'Ethernet Sniffer' which is only useful on networks where you don't have switching and can therefor ALSO log information sent between other computers on that network.


Domain Registration, Hosting, Management
http://www.dollardns.net
#9309 03/08/02 07:00 AM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Offline
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
dont dog ipx frown i use it on my network for gaming :x

and sr, i think he meant something :x


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#9310 03/08/02 09:51 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
DollarDNS Owner
Joined: Mar 2002
Posts: 1,273
**** internet acronyms encouraging laziness across the internet. One day we'll have to take a class to learn the "Internet Language" so that you can freakin speak to people.

Anyway, as to that last question which I NOW UNDERSTAND...

For Modem users:
Get a Packet Sniffer - not a Ethernet sniffer. I answered your question by chance, but now you have a more definate to-the-point answer.

For ANY NETWORK ethernet or otherwise
Ethernet Sniffer. Yes even NETBIEU and IPX SHOULD be supported by your ethernet sniffer in analysis. Otherwise, you SHOULD at least see the data in the raw.


Domain Registration, Hosting, Management
http://www.dollardns.net
#9311 03/18/02 01:37 AM
Joined: Mar 2002
Posts: 119
Soap Offline OP
Member
OP Offline
Member
Joined: Mar 2002
Posts: 119
ok thanks for the info...
ERm, I realise I think I made a mistake because I sniffed Only ethernet packets... maybe if I sniff Modem PPP connection packets, I'll only get the IP header (and dat) without the Ethernet header is that right?
And about the MAC addresses for winboxes I can't rember I exactly because wait....
maybe I'll find someone on my local network with a winPC
[...]
got it !
44:45:53:54:00:00
wut does that mean?? It can't be used to route packets...so WTF??
And on an XP however it's
00-53-45-00-00-00
which is (a littlke diff...) but stays noticeable against real ethernet cards MAC@

l8s

I'll be goooogling to "packets sniffers"....

#9312 03/18/02 06:18 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
DollarDNS Owner
Joined: Mar 2002
Posts: 1,273
00-53-45-00-00-00 00-53-45-00-00-00

Those could be a MAC addresses yes. MAC addresses are always 6 bytes - and that up there is the standard format you read them.

I think the difference between a standard packet sniffer and a ethernet sniffer is how they're implimented. I believe a standard packet sniffer will ALWAYS sniff the packets going to your machine whether you're on a modem or ethernet card. You just gotta bind the packet sniffer to the correct adapter that you'll be recieving data on. But you need a ethernet sniffer to read data on a network that ISN'T directed to your computer. While the packet sniffer hooks an adapter, the ethernet sniffer may go a lower level and hook the ethernet card itself.

I'm hypothesizing here. You really should go look this stuff up and learn for yourself. Other people may tell ya wrong.


Domain Registration, Hosting, Management
http://www.dollardns.net

Link Copied to Clipboard
Member Spotlight
Posts: 43
Joined: November 2002
Forum Statistics
Forums41
Topics33,840
Posts68,858
Average Daily Posts1
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
Animation,
by JohanKaariainen - 08/15/19 01:18 AM
Blackbeard.....
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
unreal 1
Crime 1
Ice 1
Dartur 1
Powered by UBB.threads™ PHP Forum Software 7.7.5