The Internet connection was slow in the office for the past few days, and I thought it was a Streamyx problem until today, when I suspected something was not right from within the office itself.
The first tool used was etter*** to poison everybody’s ARP so that I can see everybody’s traffic. I was just interested to see things in general, and so I fired up etherape, and here’s what I got:
From here I can see the culprit (in this case, the one with the most connections). Where to go from here? The imagination is up to you..
14 Comments on this post
I cannot imagine lah… what happened??
Comment left on 6.6.2006 by palie
Nothing happened
But when you get everybody’s traffic, what you want to do is up to you. I don’t want to go deep into this thing here coz some might not be using it for the right purpose.
Comment left on 6.6.2006 by shakir
er… elaborate further please…
btw, cool la, the 1st comment was made on 06/06/06 at 06:06. (well, technically it’s 18:06 since it says pm, but still cool nonetheless)
Comment left on 6.7.2006 by noris
Hmm, what to elaborate eh..
Theoretically we can’t see/get other people’s traffic in a switched (the network switch) environment. But with ARP spoofing (teach your students in their network class), it’s possible. Etherape is just one example of what you can do once you get the traffic.
Comment left on 6.7.2006 by shakir
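Seen from the defender's side, the ARP spoofing described in the comment above leaves a trace in a poisoned host's own ARP cache: several IPs, often including the gateway, resolve to one MAC. The following is an added example, not part of the original post or its comments; it parses a constructed sample in the Linux `/proc/net/arp` layout, and the addresses, function names and baseline MAC are assumptions.

```python
from collections import defaultdict

# Constructed sample in the Linux /proc/net/arp layout (not data from the post).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:05     *        eth0
192.168.1.10     0x1         0x2         02:00:00:aa:bb:10     *        eth0
192.168.1.11     0x1         0x2         02:00:00:aa:bb:05     *        eth0
192.168.1.12     0x1         0x2         02:00:00:aa:bb:05     *        eth0
192.168.1.13     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return (ip, mac, device) for every resolved entry."""
    entries = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, device = fields
        # Flags 0x0 marks an incomplete entry; its MAC is all zeros.
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        entries.append((ip, mac.lower(), device))
    return entries

def find_shared_macs(entries):
    """Map (device, mac) to the sorted IPs claiming it, when more than one does."""
    by_mac = defaultdict(set)
    for ip, mac, device in entries:
        by_mac[(device, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}

def gateway_changed(entries, gateway_ip, known_good_mac):
    """True if the gateway IP resolves to a MAC other than the recorded baseline."""
    return any(ip == gateway_ip and mac != known_good_mac.lower()
               for ip, mac, _device in entries)

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for (device, mac), ips in find_shared_macs(table).items():
        print(f"{device}: {mac} answers for {', '.join(ips)}")
    # Hypothetical baseline MAC, recorded while the network was known good.
    if gateway_changed(table, "192.168.1.1", "02:00:00:aa:bb:01"):
        print("gateway MAC differs from baseline: possible ARP spoofing")
```

A MAC answering for several IPs is not always malicious (a multi-homed host or proxy ARP looks the same), so treat a hit as a lead and confirm it against the gateway baseline.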
The @rt OF network
kn0w y0ur own r00t
Comment left on 6.7.2006 by mhafizan
Woow. A lot of traffic flying around eh? w0rm maybe? I still prefer to spoof only the gateway. :D It is less noisy laa.. :D
Comment left on 6.8.2006 by yomuds
heh, just see aaa … don’t capture – capture…
Comment left on 6.8.2006 by tuksedara
This is much less traffic than my other captures, but this is the only screenshot that I have..
Gateway? It’s a stupid Prolink ADSL router that doesn’t even have ssh, no firewall etc. etc. The web config is just a few pages. Can’t be bothered to talk about it, it’s really rubbish..
Comment left on 6.8.2006 by shakir
You’ve got it backwards, tuksedara; capture only, don’t see see..
Comment left on 6.8.2006 by shakir
The text in the picture is too small. Can’t see what it’s doing. Give us a bigger picture. Then I’ll understand a bit.
Comment left on 6.16.2006 by ina nii….
Just on purpose. If everything were visible, I’d get scolded by the boss or the people here, haha
Comment left on 6.16.2006 by shakir
Thought of applying iptables after the ARP poisoning stuff, but it’s a pity that I don’t have iptables enabled in the kernel. So much for the minimalist, huh. One way arpoison would do the trick, but they wouldn’t even be able to surf the web, huhu. Let them suffer first before my kernel finishes compiling (if it ever will).
Comment left on 6.20.2006 by shakir
Careful with ettercap – especially with the ARP cache flooding and poisoning schemes. etherape gives you great visualisation. You can be evil: kill or rate limit the culprit’s connection. QoS comes to mind.
For further packet monkeying activities, better get a switch that allows port mirroring, ehem.
Comment left on 6.22.2006 by adli
I always do (been trying to avoid seeing displayed passwords)
Comment left on 6.22.2006 by shakir