
Hi,

 

I'm using an IP based messaging app called netcat on linux terminal. I can send messages directly to a computer's IP and receive back in a way it's not encrypted, as shown below:

packet_149.jpg

 

but when I'm sniffing the packets from a third computer (on my own WLAN) I'm getting them in LLC protocol instead of TCP and I can't see the data (I think it's encrypted or scrambled) as shown below:

all_packets.jpg

 

withoutarp.jpg

 

Any idea what's the problem? Or how can I extract the data? I tried ASCII, UNICODE and Hex translation to string, nothing worked.

 

Here is the Hex pcap file for wireshark on GoogleDrive, I hope someone could help me with this issue.
https://drive.google.com/open?id=0B4dE5ujOQI6RdENRclc0TDhlNzA

Why would you think netcat would be using LLC to communicate.. netcat is not a messaging app, while sure you could use it for that - that is not its primary purpose.  And you sniffing LLC packets is never going to show what you sent in text between machines..

 

What port did you use to do your chatting with???  That 556 in your picture of sniff with actual tcp?

 

You do understand sniffing on a 3rd computer would not see packets between machine A and machine B on a switch..  The traffic is unicast, not multicast or broadcast.  Why would the switch push the packets out the port that is not the 2 MACs talking to each other..  If you want to monitor traffic between two devices using a switch, you would need to set up a monitor/span port on the switch and sniff on that port..

 

 

  On 19/12/2016 at 11:51, BudMan said:

Why would you think netcat would be using LLC to communicate.. netcat is not a messaging app, while sure you could use it for that - that is not its primary purpose.  And you sniffing LLC packets is never going to show what you sent in text between machines..

 

What port did you use to do your chatting with???  That 556 in your picture of sniff with actual tcp?

 

You do understand sniffing on a 3rd computer would not see packets between machine A and machine B on a switch..  The traffic is unicast, not multicast or broadcast.  Why would the switch push the packets out the port that is not the 2 MACs talking to each other..  If you want to monitor traffic between two devices using a switch, you would need to set up a monitor/span port on the switch and sniff on that port..


Thanks for the reply man, I have just learned a lot.
I'm using netcat because it's the only method I've tried and was able to see the information directly. If you know any better way please share with me.
 

I didn't think about the ports problem and you are right. Is there any way to sniff from a specific port on the target machine, so I could actually see the information (assuming I know the port already), maybe using wireshark or other tool?

You can sniff on either the sender or the receiver machine directly with tcpdump for example in linux..  Or wireshark sure, if you're wanting to sniff this traffic on a 3rd machine on a switch.  Then as I stated you would have to set up a span/mirror/monitor port..

 

spanport.png

 

https://en.wikipedia.org/wiki/Port_mirroring

 

What switch do you have?  Is it a smart switch? If it's some dumb switch then it would not support the feature you need to be able to sniff traffic between 2 different machines on the switch from a 3rd machine.

 

As to sending other users text from linux shell.. There is wall, there is echo if you know their term number, there is write, there is mesg.. What exactly are you wanting to accomplish - are you just trying to play with sniffing?

  On 20/12/2016 at 11:25, BudMan said:

What switch do you have?  Is it a smart switch? If it's some dumb switch then it would not support the feature you need to be able to sniff traffic between 2 different machines on the switch from a 3rd machine.

 

As to sending other users text from linux shell.. There is wall, there is echo if you know their term number, there is write, there is mesg.. What exactly are you wanting to accomplish - are you just trying to play with sniffing?


Actually I'm using my own cellphone to create a WLAN AP, and using it as a router/switch. I'm executing arpspoof on one of the computers that are talking with netcat. The arpspoof is working but I see the packets in LLC instead of TCP.

And yes, I'm just trying to play with sniffing and learn the basics.

 

I believe that even if I'll use a different type of "messaging" method, the problem with the ports will remain the same. Can the port mirroring be executed from another user in the network or only the host can perform port mirroring on his own machine? Any tools available to do so?

So you're trying to sniff on wifi??  What are you sniffing with? You're only seeing LLC packets - that has NOTHING to do with your netcat traffic.

 

How exactly are you using arpspoof?  Are you wanting to see the traffic sent to his mac as well.. So now you have duplicate macs?

 

What are you using to sniff with?  Sniffing wifi is a bit different than sniffing on ethernet network.. I assume you're using wireshark??  If so here is info on sniffing on wifi

 

https://wiki.wireshark.org/CaptureSetup/WLAN

 

To be honest if you're just learning about sniffing - I would do it via a wired network first, then you can move on to wifi sniffing..  It's a completely different ball game..  And depending on your wifi card, you may or may not be able to use promiscuous mode, etc.  As to setting up a span port, that is done on the switch, not a machine..

 

Why are you doing arpspoof on one of the machines that is actually involved in the conversation using netcat??  Makes zero sense to do that..  Arpspoof is normally used as a way to poison a client's arp cache to make it look like you're the gateway IP of the network, so all traffic leaving the network would be sent to you, which you would then forward on.  But since he's sending you all his traffic you can capture his traffic... This is not an "I want to learn about sniffing" first step ;)

 

So if you want to learn about sniffing, packet capture, network analyzers or protocol analyzers.  Wireshark, tcpdump, Capsa, Microsoft network monitor, etc. etc. What I would suggest is you get a smart switch (approx $40 could get you a basic gig smart switch), so you have the ability to do port spanning, etc.  And start there.. I would suggest you maybe grab http://www.wiresharkbook.com/wireshark101.html

 

I would really read up on tcp/ip in general - say something like https://www.amazon.com/TCP-Guide-Comprehensive-Illustrated-Protocols/dp/159327047X

 

Once you understand how tcp/ip works at a protocol level, then you can move on to how it works over wifi ;)  And/or then you can start playing with stuff like arpspoof, or the whole dsniff suite.. And stuff like ettercap..  Which is next level stuff after you have gotten the basics down ;)
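
An added example, not written by any poster in this thread: a Python reader that classifies captured frames by the Ethernet type/length field, which is what separates 802.3/LLC frames from IPv4/TCP, and extracts the TCP payload on the chat port. It assumes Ethernet-framed captures (not raw 802.11 monitor-mode frames); port 5000, the addresses and the sample frames are constructed for illustration.

```python
import struct

def classify_frame(frame: bytes, port: int):
    """Classify one Ethernet frame; return (kind, tcp_payload)."""
    if len(frame) < 14:
        return "truncated", b""
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len <= 1500:          # IEEE 802.3 length field: an LLC header follows
        return "llc", b""
    if type_or_len != 0x0800:        # not IPv4 (ARP, IPv6, ...)
        return "other", b""
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:   # need IPv4 carrying TCP
        return "other", b""
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]          # total_len trims any Ethernet padding
    if ihl < 20 or len(tcp) < 20:
        return "truncated", b""
    sport, dport = struct.unpack("!HH", tcp[:4])
    if port not in (sport, dport):
        return "tcp-other-port", b""
    return "tcp", tcp[(tcp[12] >> 4) * 4:]   # skip the TCP header (data offset)

def extract_chat(frames, port):
    """Count frame kinds and join TCP payload bytes on `port` in capture order."""
    counts, text = {}, b""
    for frame in frames:
        kind, payload = classify_frame(frame, port)
        counts[kind] = counts.get(kind, 0) + 1
        text += payload
    return counts, text

# --- constructed sample frames (checksums left at zero, not validated here) ---
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CHAT_PORT = 5000                     # hypothetical netcat listener port

def build_tcp_frame(sport, dport, payload):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 43, 10]), bytes([192, 168, 43, 20])) + tcp
    return MAC_B + MAC_A + struct.pack("!H", 0x0800) + ip

LLC_BODY = bytes([0x42, 0x42, 0x03]) + bytes(35)   # DSAP, SSAP, control, then filler
LLC_FRAME = MAC_B + MAC_A + struct.pack("!H", len(LLC_BODY)) + LLC_BODY
SAMPLE = [LLC_FRAME, build_tcp_frame(40000, CHAT_PORT, b"hello\n"),
          LLC_FRAME, build_tcp_frame(CHAT_PORT, 40000, b"hi back\n")]

if __name__ == "__main__":
    print(extract_chat(SAMPLE, CHAT_PORT))
```

A capture that yields only `llc` counts and no `tcp` frames means the sniffing host never received the conversation, so there is no chat payload in it to decode.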
