#1
Rear Admiral Lower Half
Join Date: Jun 2002
Posts: 2,616
wireless packet sniffing ? (security related)
The wireless networks on my campus are unencrypted... so say some savvy person sniffed wireless packets using Ethereal, how would they interpret them and make sense of them?
Should this savvy person save them as the top choice in the menu or what? Thanks a bundle
__________________
I have an athlon xp 2500+ ... aren't you glad you know that?
#2
Commander
I use AiroPeek, so I don't know exactly how the Ethereal interface and features are specifically. I would look at the data portion of each packet. In AiroPeek, you can filter packets by conversations. So if there is an option to filter the conversation between a machine and say, mail.yahoo.com, you could probably read a person's email being sent. Looking through every single packet can be very time consuming though.
Getting AiroPeek configured was such a pain! Let me know if Ethereal is a lot easier to play with.
__________________
"Cynicism is knowing the price of everything and the value of nothing." -Oscar Wilde
#3
Rear Admiral Upper Half
A wireless packet is actually larger than an Ethernet packet; however, Ethereal has a decoder for them. Last I checked, it was part of the base application. You just need to look at the type of packet that's being transmitted to see what is going on.
__________________
http://ribitch.com/ipod.html
#4
Rear Admiral Lower Half
Join Date: Jun 2002
Posts: 2,616
I have these different types of packets from what was sniffed today: ARP, BROWSE, DHCP, IGMP, NBNS, SSDP... any idea how to see what is what?
#5
Fleet Admiral
First you need to know exactly what you're looking for, then filter for that. Otherwise (as you've probably seen), you'll get too much garbage to wade through:
ARP = address resolution protocol
DHCP = dynamic host configuration protocol
IGMP = internet group management protocol
NBNS = NetBIOS Name Server (like WINS)
SSDP = Single service discovery protocol
All of these are just communication protocols that the machines use to see what's on the network. None of them contain any useful data, unless you happen to be troubleshooting a networking issue. So what exactly are you looking for?
#6
Rear Admiral Upper Half
Quote:
packet pr0n
#7
Rear Admiral Lower Half
Join Date: Jun 2002
Posts: 2,616
Quote:
Exactly, I wanted to see what kind of nasty crap people were looking at