The big news of the week, emanating from Toorcon 12, is the release of Firesheep. This tool makes SideJacking – that is, “hijacking an engaged Web session with a remote service by intercepting and using the credentials that identified the user/victim to that specific server” – painfully simple for anybody to use. How easy? Well, let’s see… you download and install Firefox… and then you download and install the Firesheep extension to Firefox… and then you restart Firefox and run the tool to start hijacking sessions… that’s it! Simple enough for ya? SideJacking is not a new concept, nor are tools for it. Robert Graham of Errata Security made a bit of a splash with his tool Hamster back[…]

This concludes parts 1, 2 and 3 of our Sniffing Networks series. This part is a little less technical, but I still recommend that you be familiar with the first three parts. In part 3 of our series, I showed you how to use Wireshark to sniff traffic and hopefully gather some passwords. It’s a lot of digging through a haystack to find a needle. It works, and if you know some of the protocols, you can search for keywords to help you. But if you’re just lazy, there are two excellent tools for just passwords: dsniff on Unix, and Cain & Abel on Windows. Both tools do a little bit more than sniffing and support things like ARP spoofing[…]

Once you start sniffing traffic, how do you know what you’re seeing? There are some tools that will decode everything for you, others that show you the raw packets, and everything in between. The third part in this series will discuss how to read the output from one of the most common sniffing tools: Wireshark (aka Ethereal).

This entry continues where Sniffing Networks Part 1 left off. If you didn’t read it, as long as you understand how switches work and why we have MAC addresses, you’ll be able to understand this entry. The physical wire may talk in MAC addresses, but when’s the last time you typed a MAC address into a browser location bar? (You haven’t, except by accident, and certainly not expecting to get anywhere with it.) Computers talk in IP addresses, not MAC addresses, so how does the switch know which port to send the packet to if it’s only given the IP address? Address Resolution Protocol, or ARP. ARP is another table that lives in each router (and computer) to map[…]

First, what is network sniffing? It’s listening to the bits on the wire (or in the air) that are sent between computer systems. Really, it’s all 1s and 0s that are sent in a particular format. That particular format is usually “Ethernet” or 802.3, but can also be 802.11 (wireless) or single/multi-mode fiber. There are ways of sniffing by “vampiring” the physical wires, but we’re going to start a step above that and assume you have a computer that can already connect to the network somehow. A basic introduction to how 802.3 works would be useful, so here we go. Because of the way Ethernet works, the machines on the network have to take turns transmitting or their transmissions will[…]