#9307 - 03/08/02 09:28 AM got a brand new toy....  
Joined: Mar 2002
Posts: 119
Soap Offline
Member
AfriKA
I just d/l-ed a sniffer, and must say I am having a lot of fun with it on my ethernet network.
I understand, if it's routed, the beginning of the packet is the source MAC to dst MAC which is the next router to
get to the desired dest IP specified.
ok now, how does it work on the internet, with ppl who don't have a network card, or who connect to the net with a modem for example.
What is the source MAC?? is it that 45-44-00-00 or smtg ...correspondence i get while scanning winBOXes...
And do we broadcast? Does everyone on the subnet use FF-FF-FF-FF-FF-FF destination or use the network's router MAC@??

And how would one go about sniffing on smtg else than ethernet? (Modem OR serial??(my fone connects to my laptop thru serial and uses its own modem to connect anyone ever tried sniffing there...?)

thx

#9308 - 03/08/02 01:53 PM Re: got a brand new toy....  
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
/me tries to make sense of your questions...

(disclaimer: answers are given based upon my knowledge of TCP/IP and may be wrong if you use NETBIEU (sp?) or IPX as your ethernet protocol)

"I understand, if it's routed, the beginning of the packet is the source MAC to dst MAC which is the next router to get to the desired dest IP specified."

MAC addresses are mostly important when you're using hubs to route packets. You set up your network and you CAN program some hubs to route packets based upon MAC addresses. A MAC address should always be unique in a network setting so that they can represent that computer properly. MAC addresses are derived from the network card. Since sometimes you may get a conflict where more than one card has the same MAC address, depending on the card, you can change it. Some people believe that all MAC addresses are unique and cannot be changed. Don't listen to them. In a packet: SRC MAC = sending computer, DST MAC = destination computer.

"ok now, how does it work on the internet, with ppl who don't have a network card, or who connect to the net with a modem for example."

The internet doesn't use MAC addresses like that. Instead we've got the TCP/IP system. In that system, each computer is represented by a 32-bit number (IP). Routing is possible because there are routing tables that are passed around amongst routers to let them know where packets go. If a router doesn't know where a packet should go, they send it to a router that might know. Eventually the packet will make it to its destination, or if it never gets there, an ICMP error response is sent back to the sender.

"What is the source MAC?? is it that 45-44-00-00 or smtg ...correspondence i get while scanning winBOXes..."

The source MAC is simply the address programmed into your network card.

For information about your ethernet card
type this into your command prompt:
ipconfig /all | more

The Physical Address is my MAC address for an adapter. It will look something like '00-C0-F0-78-30-CD'

The MAC address coming from a modem user will be a MAC address of the computer the user is dialed into.

"And do we broadcast?"

uh, broadcasting relates to UDP datagrams which get sent across an entire submask.

"Does everyone on the subnet use FF-FF-FF-FF-FF-FF destination or use the network's router MAC@??"

For broadcasting? FF-FF-FF-FF-FF-FF always.

"And how would one go about sniffing on smtg else than ethernet?"

What is smtg? I just might be unfamiliar with the acronym. But to give a generalized response... There are two different kinds of sniffers. There's a 'Packet Sniffer' which will log data being sent to and from your computer. Then there's an 'Ethernet Sniffer' which is only useful on networks where you don't have switching and can therefore ALSO log information sent between other computers on that network.


Domain Registration, Hosting, Management
http://www.dollardns.net
#9309 - 03/08/02 02:00 PM Re: got a brand new toy....  
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Likes: 3
Portland, OR; USA
don't dog ipx i use it on my network for gaming :x

and sr, i think he meant something :x


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#9310 - 03/08/02 04:51 PM Re: got a brand new toy....  
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
**** internet acronyms encouraging laziness across the internet. One day we'll have to take a class to learn the "Internet Language" so that you can freakin speak to people.

Anyway, as to that last question which I NOW UNDERSTAND...

For Modem users:
Get a Packet Sniffer - not an Ethernet sniffer. I answered your question by chance, but now you have a more definite to-the-point answer.

For ANY NETWORK ethernet or otherwise
Ethernet Sniffer. Yes even NETBIEU and IPX SHOULD be supported by your ethernet sniffer in analysis. Otherwise, you SHOULD at least see the data in the raw.


Domain Registration, Hosting, Management
http://www.dollardns.net
#9311 - 03/18/02 08:37 AM Re: got a brand new toy....  
Joined: Mar 2002
Posts: 119
Soap Offline
Member
AfriKA
ok thanks for the info...
ERm, I realise I think I made a mistake because I sniffed Only ethernet packets... maybe if I sniff Modem PPP connection packets, I'll only get the IP header (and dat) without the Ethernet header is that right?
And about the MAC addresses for winboxes I can't remember I exactly because wait....
maybe I'll find someone on my local network with a winPC
[...]
got it !
44:45:53:54:00:00
wut does that mean?? It can't be used to route packets...so WTF??
And on an XP however it's
00-53-45-00-00-00
which is (a little diff...) but stays noticeable against real ethernet cards MAC@

l8s

I'll be goooogling to "packets sniffers"....

#9312 - 03/18/02 01:18 PM Re: got a brand new toy....  
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
00-53-45-00-00-00 00-53-45-00-00-00

Those could be MAC addresses, yes. MAC addresses are always 6 bytes - and that up there is the standard format you read them.

I think the difference between a standard packet sniffer and an ethernet sniffer is how they're implemented. I believe a standard packet sniffer will ALWAYS sniff the packets going to your machine whether you're on a modem or ethernet card. You just gotta bind the packet sniffer to the correct adapter that you'll be receiving data on. But you need an ethernet sniffer to read data on a network that ISN'T directed to your computer. While the packet sniffer hooks an adapter, the ethernet sniffer may go a lower level and hook the ethernet card itself.

I'm hypothesizing here. You really should go look this stuff up and learn for yourself. Other people may tell ya wrong.


Domain Registration, Hosting, Management
http://www.dollardns.net
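
Added example, not part of any post in this thread: a short Python parser for the 14-byte Ethernet II header that classifies a MAC address by its broadcast, group and locally-administered bits and lists its printable ASCII bytes, then checks whether a buffer begins with an IPv4 header rather than an Ethernet header. The frame and IP header are constructed samples, and the function names are this example's own.

```python
import struct

BROADCAST = b"\xff" * 6

def fmt_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def describe_mac(mac: bytes) -> dict:
    """Classify a 6-byte MAC address from its flag bits and contents."""
    if len(mac) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    return {
        "text": fmt_mac(mac),
        "broadcast": mac == BROADCAST,
        "group": bool(mac[0] & 0x01),   # I/G bit: multicast or broadcast
        "local": bool(mac[0] & 0x02),   # U/L bit: locally administered
        # Printable bytes only; pseudo-adapters sometimes carry text here.
        "ascii": "".join(chr(b) for b in mac if 0x20 <= b < 0x7F),
    }

def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet II frame into destination, source, EtherType, payload."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": describe_mac(dst), "src": describe_mac(src),
            "ethertype": ethertype, "payload": frame[14:]}

def starts_with_ipv4(data: bytes) -> bool:
    """True if data begins with a plausible IPv4 header (version 4, IHL >= 5)."""
    return len(data) >= 20 and data[0] >> 4 == 4 and (data[0] & 0x0F) >= 5

# Constructed sample: 20-byte IPv4 header, documentation-range addresses,
# checksum left as zero because it is not verified here.
IP_HDR = bytes.fromhex("45000014000100004011" "0000" "c0000201" "c00002ff")
# Constructed frame: broadcast destination, the source MAC quoted in the
# thread (44:45:53:54:00:00), EtherType 0x0800 (IPv4), then the IP header.
FRAME = BROADCAST + bytes.fromhex("444553540000") + b"\x08\x00" + IP_HDR

if __name__ == "__main__":
    f = parse_ethernet(FRAME)
    print(f["dst"])
    print(f["src"])
    print(describe_mac(bytes.fromhex("005345000000")))
    print("frame starts with IPv4:  ", starts_with_ipv4(FRAME))
    print("payload starts with IPv4:", starts_with_ipv4(f["payload"]))
```

Run on the two addresses quoted in the thread, the `ascii` field comes out as `DEST` for 44:45:53:54:00:00 and `SE` for 00-53-45-00-00-00, and neither has the group or locally-administered bit set.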