Wednesday, January 7, 2009

2-port hub using ettercap / iptables / Linux

If you're like me, you sometimes need a dumb hub or something similar at work so that you can monitor a "black box". By that I mean a VoIP phone or some other device where I need to see the packets being transmitted to and from it. I originally thought I could do something with iptables, but it turns out that I couldn't find anything to do so. (Ettercap probably uses iptables somehow. I just haven't looked deep enough.)

The problem:
1. Regular layer 2 or layer 3 switches only forward the information to the computer it is destined for.
2. A hub can't be purchased anywhere.

The solution:
Ettercap. Ettercap can be used for some very mischievous purposes... or to see what is happening to your "black box". We'll use it for the 2nd purpose.


Requirements:
A Linux box with 2 Ethernet adapters.
Ettercap.

The command:
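ettercap -Tq -i eth0 -B eth1

Use whatever interfaces you want in place of eth0 and eth1. -T selects the text-only interface, -q keeps it quiet, -i names the first interface and -B names the second one, which turns on bridged sniffing between the two.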

Then all you have to do is open another terminal and use tcpdump to get all of the packets to and from your black box!
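The two steps above combined into one script, as an added example that is not part of the original post: it checks the interface arguments, starts tcpdump in the background instead of a second terminal, then runs the bridge command from this page. Which NIC faces the LAN and which faces the black box, the MAC address filter, the pcap file name and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: wrapper around the page's ettercap bridge command.
# The MAC filter, pcap path and all function names are assumptions.

# Accept only plausible Linux interface names (max 15 chars, no leading '-'),
# so a bad argument can never be read as an option by ettercap or tcpdump.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print a tcpdump filter limited to the black box's MAC address.
capture_filter() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    printf 'ether host %s\n' "$1"
}

main() {
    lan_if=$1 box_if=$2 mac=$3 pcap=${4:-blackbox.pcap}
    for i in "$lan_if" "$box_if"; do
        valid_iface "$i" && [ -d "/sys/class/net/$i" ] ||
            { echo "no such interface: $i" >&2; return 1; }
    done
    [ "$lan_if" != "$box_if" ] || { echo "need two different interfaces" >&2; return 1; }
    filter=$(capture_filter "$mac") || { echo "bad MAC: $mac" >&2; return 1; }

    # Capture in the background instead of a second terminal; -U flushes
    # each packet to the file so the pcap is usable if the run is interrupted.
    tcpdump -n -U -i "$box_if" -w "$pcap" "$filter" &
    dump_pid=$!
    trap 'kill "$dump_pid" 2>/dev/null' EXIT INT TERM

    # The page's command: text mode, quiet, bridged sniffing between the two NICs.
    ettercap -Tq -i "$lan_if" -B "$box_if"
}

# Run only when called with arguments: <lan_if> <blackbox_if> <blackbox_mac> [pcap]
if [ "$#" -ge 3 ]; then main "$@"; fi
```

Run it as root with the two interface names and the black box's MAC address; quitting ettercap stops the capture and leaves the pcap file behind.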

Source:
http://www.devshed.com/c/a/Security/LAN-Reconnaissance/3/