background image

 

1. Overview

 

 

   
When the typical end user sends an instant message to his friend or family member 

on the other side of the world, he might not give much thought to the technology that 
makes it happen. The end user simply types the message in a window, and when they hit 
the 

Enter

 button, the message is magically transported to their friend’s screen. While this 

appears to be an instantaneous relay of data, in reality the message passes through a 
legion of interconnected hardware devices that process the data before it arrives at its 
destination. 

  
Although it seems easy, the technology responsible is very complex and requires an 

in depth understanding of communication protocols and how they are used by hardware 
devices to pass and control data flow. A network administrator must understand the use 
of hubs, switches, routers, TCP/IP, SMB and more in order to audit or debug network 
communication. This brings us to the sniffer. 

  
A sniffer is merely a data collection tool that allows its user to see what data is 

passing on a network. This tool can come in the form of a simple software program 
included with an OS (e.g., Windows Network Monitor, AIX iptrace) or as part of a 
complex and very expensive hardware device (e.g., $40,000 GTX Multi-protocol 
analyzer) that can handle multiple network lines and GBs of data. Though it is just a tool, 
it, like many other simple tools, can be used for good or evil. For example, a sniffer can 
help an administrator find a malfunctioning network card, just as easily as it can help a 
malicious hacker monitor network traffic for user names, passwords, or other sensitive 
data that could be abused to gain unauthorized access to a network. 

  
This manual will describe how a sniffer works, and how it can be used to help you 

troubleshoot a networking problem. We will also demonstrate methods in which you can 
use a sniffer to troubleshoot applications that require network access to function. In 
addition to these legitimate purposes, we will also illustrate how a hacker can abuse a 
sniffer to gain access to private information.  Hackers already know how to do this, so it 
is imperative that you learn their attack methods so that you can properly protect your 
networks.  

  
2. Sniffer Fundamentals 

  

Note: The following document is more than a user’s manual; it is also our attempt to 
help educate you on the science of sniffing.  We hope you will take the time to read this 
entire manual so that you will be better equipped to defend yourself and to audit your 
own wireless networks.

 

Содержание Mobile Sniffer

Страница 1: ...Airscanner Mobile Sniffer For Windows Mobile Pocket PC Technical Whitepaper and User s Guide Level ___ Beginner _x_ Intermediate _x_ Advanced ___ Expert Estimated Reading Time 60 minutes...

Страница 2: ...r TM Mobile Sniffer packs the power of a full scale sniffer into an application for portable devices Once your Windows Mobile device is linked to the network Airscanner TM Mobile Sniffer monitors all...

Страница 3: ...006 Airscanner Corp Please ask permission before redistributing this software or user s manual Version History Version 1 0 released April 30 2003 Version 1 02 released May 7 2003 Version 2 0 released...

Страница 4: ...ace or as part of a complex and very expensive hardware device e g 40 000 GTX Multi protocol analyzer that can handle multiple network lines and GBs of data Though it is just a tool it like many other...

Страница 5: ...his is because there are several major types of wireless network cards WNICs available on the market Fortunately these have become more standardized across OEMs especially now that built in WiFi cards...

Страница 6: ...etwork to see if any of the data is labeled with its MAC address If there is a match the data is passed up to the next layer in the protocol stack and ultimately to the program to which it was sent Ho...

Страница 7: ...access to it 2 3 ARP Spoofing As we have previously discussed the existence of a switch in a network is a serious obstacle to a sniffer Due to a MAC IP table traffic from one NIC will only be passed...

Страница 8: ...f the technical aspects of the filtering language most filters are very similar in appearance and are easy to understand The following represents two filters one from Ethereal which is the most common...

Страница 9: ...is time to take a look at how you can benefit from Airscanner Mobile Sniffer In addition we have included a section on Ethereal to help you prepare for future analysis of collected data from Airscann...

Страница 10: ...orrectly Symptoms of a problem include obvious error messages program crashes or the lack of promiscuous mode during an otherwise normal sniffing session 3 1 3 Installation Assuming you have met all t...

Страница 11: ...outline the usage features of Airscanner Mobile Sniffer It assumes you have Airscanner Mobile Sniffer installed and working properly To use Airscanner Mobile Sniffer locate the MobileSniffer icon in...

Страница 12: ...apters are usually not easy to understand 3 1 5 Menus Airscanner Mobile Sniffer is laid out in a functional and logical format There are two menu options on the menu bar at the bottom of the pocket PC...

Страница 13: ...o review This option was included to let you make the decision if you wanted the old data erased or not It is set by default to clear the screen at the start of each capture session Promiscuous Mode A...

Страница 14: ...is is set at a default of 100 packets This is a conservative setting but we prefer to allow you to increase this setting to a higher value as your Pocket PC device permits If it is too high you could...

Страница 15: ...e Sniffer This option is covered in detail in the filtering section Enable Filter By default filtering is not enabled when sniffing However if you want to narrow down the collected data to an exclusiv...

Страница 16: ...ets the capture files View Packet Details While knowing the IP address and MAC address of each packet is useful the real power of sniffing is knowing what is inside the packet This option gives you th...

Страница 17: ...to define where on the pocket pc you want to save the capture file Like the Save Packets to option this will help you control where to store data to avoid overflowing the pocket pc s device Start Sto...

Страница 18: ...This can help you narrow down traffic to a particular service Port Number The port number is important because it often indicates the reason for the traffic For example port 80 is the default port use...

Страница 19: ...2 2 Installation on Windows Installation varies depending on the platform Because 98 of people using this program employ either a Linux distribution such as RedHat or a Windows operating system we wil...

Страница 20: ...d files Text2Pcap Tool for converting raw ASCII hex to libpcap format packet capture files Mergecap Tool for merging several capture files into one file 6 6 Finish installation 3 2 2 4 Running Etherea...

Страница 21: ...e data in the packet Packet Detail This window contains more detailed information about the packet such as MAC addresses IP address packet header information packet size packet type and more This is f...

Страница 22: ...card must be able to receive and transmit data If the card does not work properly before using Ethereal it will certainly not work while it is running In addition if you are using a WNIC you might be...

Страница 23: ...he ring buffer to create numerous files in case you collect the maximum number of packets required to fill up the first file it allows you to capture infinite amounts of data You can also adjust name...

Страница 24: ...e Ethereal window In this example we will create a filter for AIM and Quake Quake is a multiplayer game whose mastery is an essential prerequisite for any competent security professional However if yo...

Страница 25: ...ntences we stop the capture and let Ethereal load the data into the packet display windows At this point we have a great deal of commingled data How can we sort through this data to find our chat sess...

Страница 26: ...g 4 Troubleshooting If you experience problems with Airscanner Mobile Sniffer please review the following symptoms to help guide your trouble shooting efforts Unable to set mode This error is given wh...

Страница 27: ...in a sniff session Is this normal YES This is why any wireless network MUST be encrypted Email instant messages web pages and other tidbits of data are easily captured and read by a network If you can...

Страница 28: ...IDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON A...

Отзывы: