Elementary security question


Recommended Posts

So much of the network sniffing talk is about wireless, where all the bits are flying everywhere in the air. I'm wondering about something different though...

Say that there are several computers connected by wire to a soho router (in parallel, not serial, of course). One of them is not trusted and owned by an attacker. Ok, also assume that they can't break the router's admin password.

Would the bad guy be able to sniff or do bad things to traffic that goes between the other physically connected computers and the router?

Link to comment
Share on other sites

I don't think so because a router/switch only sends packets to the corresponding computer it's assigned to. Hubs used to just send the packets to everyone which also cluttered the network, so I'm guessing if they were on a hub, he could.

I probably am wrong about this. It's what my very limited knowledge knows.

Link to comment
Share on other sites

he could always send traffic to other computers, but as to sniffing -- without flooding the switch to have it fail open and send all packets to a every port the only traffic he would see while sniffing is broadcast traffic, arps, multicast traffic. He would not for example see your traffic between your machine and neowin.net

But sure he could for example do a arp spoof of the routers mac and have your machine think his machine is the gateway and send all traffic to his machine.

A switch normally keeps someone from sniffing all the traffic, but an "attacker" can do things to change this yes - its not 100% protection against sniffing.

And you will see all the broadcast traffic, which can be very useful info -- I really suggest you grab wireshark, and do a bit of sniffing to see what kind of traffic you see, etc.

  • Like 2
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.