Playing with a Network

I just downloaded Wireshark and started monitoring my network at my job. What are some fun or interesting things you know how to do on wireshark or any similar network monitoring program? Or any concise resources on learning what the different types of protocols are and how to pull more info from them.


Sniff all traffic and look for passwords

So what sort of packet would you be looking for passwords in?

http?
but every serious site is using https nowadays, so you are out of luck
there is sslstrip but modern browsers will prevent this
just don't be a prick and leave people alone

cain and abel for windows, you can arp poison the lan and start a man in the middle attack whilst using wireshark with the .pcap extension.

good way to single out a station/user on the LAN

assuming the router is vulnerable to this type of attack.

there used to be an addon for firefox, which is very outdated now, called firesheep, it was used to hijack sessions, everything from facebook to bank websites. worked very well with wireshark and cain & abel

p.s. I had permission to PEN test and nothing illegal was done.

on a side note, if you can create a BVI interface on the router that can open up a whole lot of possibilities with wireshark, Keep in mind, it's simply a PACKET CAPTURE tool.

Well it seems like you are trying to do niggerish stuff, but "data carving" is pretty cool.

You can filter for GET requests, follow the TCP streams, and see what users are downloading.

There is a tool called foremost that works great for this.


Alternately you can use a combination of ettercap and driftnet to instantly view what a target machine is GETing.


Also, are you connected to a hub or a router? If it's a router, you will definitely need to use ettercap to poison ARP table to redirect other users traffic for inspection.

Alternately you can use a combination of ettercap and driftnet to instantly view what a target machine is GETing.

Lmao Cain and Abel are like 15 year old programs they won't do shit unless you're on XP service pack 0 with an even older router

Alternately you can use a combination of ettercap and driftnet to instantly view what a target machine is GETing.

Yeah. I know.

I had my thoughts out of order, and didn't cut that part out.

Cain and Abel still work perfectly fine even with 1000 clients at once.

It's a virus ridden skid pos and you should feel bad for using it.

...

The most basic exercises are:
>Sniff the password of an FTP connection
>Get the URLs a user visits
>Spy on an IRC conversation

>started monitoring my network at my job.

If you're not an IT employee/admin at your company, IT/admins might have a problem with that if they find out. They'll probably not like random employees monitoring traffic. On a fully switched network you should only receive subnet broadcasts in addition to frames that are explicitly directed to your host, but that still can give you a lot of info that IT might consider being none of your business.

isn't irc encrypted?
not an irc user, so sorry for the stupid question

protocol: http
info: POST/GET
this is usually how you find out what the person you're monitoring has typed/entered

>i dont know the difference between a hub and a switch
>i dont know what a SPAN port is

>I dont know what ARP inspection

Traditionally, no. You can optionally use it over TLS these days though.

What is the point of irc? I tried using one to help me get unbanned from 420chan but it was a pain in the ass!

Think high sea shipping lanes for hackers

>What is the point of irc?

chatting with other sperges, bots, hackers.

It was what we used before the days of IM and fagbook.

check'd

Are you just running Wireshark on your local desktop at work? If so, you're not going to see shit because you'll only be sniffing your own traffic.

Cain doesn't work on any enterprise-grade router made in the last 10 years, bro

How do I sniff traffic on the whole network then? I work at a verizon store and my manager told me to check our network because some shady customers connect to it.

>started monitoring my network at my job
"How to get fired"

Plug into the hub, or redirect traffic through your machine.

You already had the answer to this question. How dense are you?

Wow fuck that lol

If you have a single Layer 2 switch for all the traffic, then you can set up one of the ports as a mirror port and plug your laptop into that. If it's much more complicated than that then you'll need to provide us a network diagram.

You punk bitch kids have it too cozy these days. Be grateful.

Any "hub" purchased in the last 5-10 years is actually a layer 2 switch and not a true hub. And any decent switch/router will have automatic ARP flood protection to prevent skiddie shit like Cain from working.

Cool. So what would happen if you changed your MAC to the same as another client on the layer 2 switched network? Would you be able to pick up the same frame as the other client simultaneously?

what do you mean, the user admitted that arp poison only works against vulnerable networks

i use wireshark daily and still can't think of something "fun" just sitting there and looking at traffic. wireshark gets fun when you want to know something and you need packet analysis and you follow the connections to get your answer

I recommend getting a cheap switch that supports mirroring, put it between your network and your router or between your router and modem for the best capping. Netgear, mikrotik, or even just a custom pc with 2 network cards (some more involved setup using a pc but still simple if you just find a tutorial or just know how to bridge interfaces)

some fun things to do is look at the dns queries and see where people are fapping. can also run the stats and who's fapping to hd and who's fapping to 380p

check out the book practical packet analysis 2nd edition, there's a pdf of it out in the wild and it's easy to follow and even has example caps on the website so you can practice using the interface and entering filters etc

that book is also a great starter on learning networking in general from the bottom up.

It depends on the router/switch. On old shit, yes, you would receive two frames out 2 ports. On modern-day stuff it's going to either A) Update the MAC table with your information and only forward frames down your port or B) Not update the MAC table and continue sending the frames down the original port

Enterprise-class devices are usually smart enough to detect when shenanigans are afoot and will completely disable one or both of the conflicting ports until a network administrator intervenes, which is obviously bad if you're trying to hide your network spoofing.
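
Added example, not part of the thread: a simplified Python model of the switch behaviour described in the two posts above, where a MAC address that keeps changing ports is first re-learned and then gets the conflicting ports disabled. The `Switch` class, the `FLAP_WINDOW` and `MAX_MOVES` thresholds and the frame observations are all assumptions made for illustration; real switches expose this through vendor-specific features.

```python
FLAP_WINDOW = 5.0   # seconds in which port changes are counted (assumed value)
MAX_MOVES = 2       # port changes within the window that count as a conflict

# Constructed observations: (time_s, ingress_port, source_mac)
SAMPLE_FRAMES = [
    (0.0, 1, "aa:aa:aa:aa:aa:01"),
    (0.5, 2, "aa:aa:aa:aa:aa:02"),
    (1.0, 3, "aa:aa:aa:aa:aa:03"),
    (2.0, 4, "aa:aa:aa:aa:aa:02"),   # same MAC as the host on port 2
    (2.4, 2, "aa:aa:aa:aa:aa:02"),   # real host talks again, MAC moves back
    (2.9, 4, "aa:aa:aa:aa:aa:02"),   # arrives on a port that is now disabled
    (60.0, 5, "aa:aa:aa:aa:aa:03"),  # host from port 3 re-plugged, a single move
]

class Switch:
    def __init__(self):
        self.mac_table = {}    # mac -> port frames for that MAC are forwarded to
        self.moves = {}        # mac -> times at which it changed port
        self.disabled = set()  # ports shut down until an admin intervenes
        self.alerts = []       # (time, mac, conflicting ports)

    def receive(self, t, port, mac):
        if port in self.disabled:
            return "dropped"
        known = self.mac_table.get(mac)
        if known is None or known == port:
            self.mac_table[mac] = port
            return "learned" if known is None else "ok"
        # MAC seen on a different port: count recent moves, this one included
        recent = [m for m in self.moves.get(mac, []) if t - m <= FLAP_WINDOW] + [t]
        self.moves[mac] = recent
        if len(recent) >= MAX_MOVES:
            self.disabled.update({known, port})
            del self.mac_table[mac]
            self.alerts.append((t, mac, tuple(sorted((known, port)))))
            return "err-disabled"
        self.mac_table[mac] = port   # behaviour A: table follows the newest port
        return "moved"

def replay(frames):
    """Feed observations to a fresh switch and return it for inspection."""
    sw = Switch()
    for t, port, mac in frames:
        sw.receive(t, port, mac)
    return sw
```
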

interdasting. thanks for the info.

assuming the switch can do it this is the correct approach

another thing would be to drill it into their head that the customer accessible network should never be a concern outside of wan rate limiting because that network should be separated from the corporate network

are your switches and network drops vlaned out?

Asked in the stupid questions thread, but I'll ask here in the wireshark thread as well. What's with this netbios traffic from my laptop? A user said the IPs were all asia/middle east.

if you want to turn it off check out your adapter settings and disable the microsoft services. wont remove all the guff but lots of it

The fact that you have NetBIOS traffic trying to reach publicly-routable IPs from your laptop is pretty concerning.

148.0.106.186, for example, appears to be somebody's home network in the Dominican Republic. That's probably not good.

>p.s. I had permission to PEN test and nothing illegal was done.
this kind of fear is sad, why would he have to explain this? this isn't freedom.

>He can't be arrested for this,
>he shouldn't be in "the list" cause some post on Sup Forums.
>worst thing is that he is in "the list" even with his "PEN test" alibi that nobody buys

The more machines on the VLAN, the more you can learn from the broadcasts tho.

what does a paranoid person have to do with freedom? he's not going to get blackbagged for saying he scanned a network

well, maybe in russia or china

This

95% of the time it's "hello, my name is such and such in NetBIOS" queries.

or has a public IP.

yeah, like

>oh god, an apple user is here

>oh lol, they have dropbox localsync enabled

how do kids boot people off Xbox/PSN

pretty easy to run a packet sniffer to pick up ip's, but what do they do once they have the IP's?

I think what they have now is fairly bland. The 90s/early to mid 00s were far more exciting. They missed the golden age of personal computing, and don't even have a clue. Sad.

how to find a good irc channel and don't be gtfo instantly?

NetBIOS is not supposed to be routed over the public Internet, it should be blocked at the network gateway by a firewall.
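
Added example, not part of the thread: a Python check for the situation discussed above, NetBIOS traffic from a LAN host addressed to destinations outside local address space. The flow-record format, the `LOCAL_NETS` list and the sample records are constructed for illustration (documentation-range addresses stand in for public ones); real input would be an export from a capture or firewall log.

```python
import ipaddress
from collections import defaultdict

# NetBIOS name (137/udp), datagram (138/udp) and session (139/tcp) services
NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139)}

# Destinations that count as "still on the LAN" (assumed site policy)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32",
)]

# Constructed flow records: proto src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = """\
udp 192.168.1.23 137 192.168.1.255 137
udp 192.168.1.23 137 203.0.113.45 137
tcp 192.168.1.23 49822 198.51.100.7 443
tcp 192.168.1.23 49901 198.51.100.9 139
udp 192.168.1.40 137 169.254.10.2 137
udp 192.168.1.23 5353 224.0.0.251 5353
"""

def parse_flows(text):
    """Turn whitespace-separated flow lines into typed tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, src, sport, dst, dport = line.split()
        flows.append((proto.lower(), ipaddress.ip_address(src), int(sport),
                      ipaddress.ip_address(dst), int(dport)))
    return flows

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def netbios_egress(flows):
    """Map each local source to the NetBIOS destinations outside LOCAL_NETS."""
    hits = defaultdict(set)
    for proto, src, _sport, dst, dport in flows:
        if (proto, dport) in NETBIOS and is_local(src) and not is_local(dst):
            hits[str(src)].add((str(dst), proto, dport))
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, dsts in netbios_egress(parse_flows(SAMPLE_FLOWS)).items():
        for dst, proto, port in dsts:
            print(f"{src} -> {dst} {proto}/{port}: NetBIOS leaving the LAN")
```
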

You can't really do anything with broadcasts, though

DDoS and/or lag switch

I know but it's good for us old fucks to have something to lord over them.

lurk. be respectful. use a proxy.

p2p is very rare in gaming even voice chat should route via the host server i thought

some games you can trick the host into revealing IPs but back in the day we'd just get people to join our vent and then we have it

I help my brother DoS faggots with my server but he only has a 360. Works for all of his FPS games.

how do you associate the IP to the specific fag you're griefing

Host has the most packets.
Just love tap everyone else and figure out who it is.
I wrote some shitty program in python that does it automatically but most people actually still use cain, believe it or not.

pretty baller

im not surprised a service based on a microsoft's masterful designs is so exploitable

they really do believe security is an extra feature that should be sold as an upgrade later

should, but clearly isn't in this case.

How to pinpoint the process which sends out a series of SNMP get-request UDP datagrams periodically?

should I at least say hello when entering a channel or that sounds annoying because I don't know anyone yet?

Is there any way to capture packets from a network you don't actually have the password to? For example, people in an apartment or school residence.

Sure, you can capture packets all day long. You just can't read them.
Spoof their network and have them put the password in for you. Or, if it's something shitty like WEP, crack it. Not rocket science.

Ok, nevermind, it was apparently the print spooler service trying to poll a network printer on a network the machine was on in the past.

(Still, any tips how to generally best go about finding the source of suspicious traffic?)

>muh skids11111111
>virus ridden
Prove it

It's WPA2 and I've tried cracking it in the past to no avail.

How do you spoof a network? I've only ever heard of spoofing MAC or IP addresses. Thanks, by the way.

>create network with same name
>spoof de-authentication packets from original network and spam at target
>can't use original
>they try to connect to yours
>????
>profit
I've been too lazy to see if you can just capture the password so I do a one-time "confirm your internet password" thing.
Works most of the time.

Much appreciated.

saying hello is the first sign that you are a skid, sperg or just a clueless fag. just DONT

Have something interesting to contribute, and know how to hardchat. Don't be a pussy when being hardchatted, kicked, banned, or /topic'd when first joining a new server; your ass is being tested on if it fits in. Finally, use a bouncer.

what is a bouncer

sounds like good advice, thanks anons

Pretty much an IRC proxy, with added features such as keeping your session opened.

I recommend ZNC, but it has been years since I used IRC so maybe something else better has come around since. Here is a good resource to get you started on hosting a ZNC bouncer: wiki.znc.in/ZNC

The only difficulty with bouncers is that not many web-hosts will allow you to run one.

To add to this don't run a bouncer on your local machine, host it somewhere preferably not tied to your IRL. There is zero point running a bouncer locally. The site doesn't make that clear.

You can host a bouncer on IRCcloud for $5/month.

>windows
no

Bouncers are for gui babies, just use tmux or screen.

god you're such a neet loser i see you post in every thread

just fucking end your life faggot

just filter him or shut the fuck up

youre not going to learn much staring at pcaps and not knowing how anything works.
read some basic networking books then come back to it and things will click

you could always flood the switch with mac addresses turning it into a hub basically. ive found that very few switches have any kind of port-security.

>you could always flood the switch with mac addresses turning it into a hub basically. ive found that very few switches have any kind of port-security.
And doing this at work is a very good idea, you think?

>Using Cain & Abel
>At work

>Wow fuck that lol
Fucking summer.