EvilZone
Hacking and Security => Hacking and Security => : hack3rcon September 29, 2015, 10:12:26 PM
-
Hello.
Firefox and other browsers have some addons that can show whether the web page is secure or tracked by someone. How about the local network? Do plugins or any tools exist that alert me about traffic sniffing on the local network?
Thank you.
-
You're referring to a network-based IDS/IPS; they can alert you to suspicious network traffic and keep logs of it. Though I don't think any exist specifically as a browser addon.
There are a lot of free ones available; Snort is one of the more commonly used. A Google search will turn up a list for you.
-
Thank you. I know Snort is commercial, but how about Suricata-IDS? Can an IDS/IPS help me with sniffing of the traffic?
-
That's overkill if you're on your personal home network. Even if you wanna set up some form of IDS/IPS, it's not as simple as pushing a button. You have to configure databases, go through various config files, etc. It's a lot of hassle and in the end not even worth it if all you wanna do is prevent your box from being a target of a man-in-the-middle attack.
ARP spoofing is one of the ways a man-in-the-middle attack takes place on a switched network. What you can do, by the way, is set up a static ARP entry table for the gateway so that you are not vulnerable to ARP-spoofing based attacks, and it's quite simple.
I'll be demonstrating the case for Linux; for Windows it'll probably be something similar.
If you type "arp -a" you'll see the MAC address as well as the IP address of hosts in your ARP table, including your gateway (router).
Example:
# arp -a
login.yournetwork.com (192.168.1.1) at 90:2b:34:7a:b4:64 [ether] on wlan0
Note the initial IP and MAC address of your gateway and substitute them into the command below.
arp -s [ip address] [mac address]
Example:
# arp -s 192.168.1.1 90:2b:34:7a:b4:64
Congrats, your static ARP entry is ready. The way you can confirm this is by issuing the "arp -a" command again, and you'll see the "PERM" flag on your gateway.
# arp -a
login.yournetwork.com (192.168.1.1) at 90:2b:34:7a:b4:64 [ether] PERM on wlan0
Btw, this is only temporary cos if you reboot your box the static entries would go away, so either you have to manually do this every time or you can try setting up a script so that every time your interface goes up it executes the script and sets up the static ARP entry before connecting to the network. Persistent static ARP entries might cause issues when connecting to different networks, so just roll with the temporary solution for now.
-
How about "TCPDUMP" ?
-
Tool for different purpose (that's for analyzing packets in general, not really for detecting sus stuff unless you're going to grep it) - you want to use SNORT but note that you won't detect passive sniffing only active (you shouldn't be able to detect passive sniffing since that's the entire purpose of passive).