Question Re: Packet Sniffers

CrackaLackaZe

Senior member
Jun 29, 2002
Say I'm on the campus wireless network with my 802.11b/g laptop, and I'm surfing and IMing. Can anyone with a packet sniffer like Ethereal (that's on the same network) intercept the packets I'm sending/receiving?
 

phisrow

Golden Member
Sep 6, 2004
I don't know the details (and wouldn't admit it if I did); but the answer in general is "maybe". If your campus just has an open network (maybe with a little browser-based login window before you can actually hit the internet) intercepting your packets should be quite trivial. If some sort of WEP is going on (uncommon for public use networks) then it is possible; but somewhat more trouble. If your campus is one of those that demands that you connect via VPN through the wireless you should be pretty safe indeed. For reference, I've been on campuses that have zero authentication, campuses that have a login page, and campuses that route all wireless traffic through some sort of Cisco VPN widget. I don't know what your situation looks like; but it ought to be similar to one of those.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
It's wireless: your traffic can always be intercepted and captured.

If encryption is enabled, then the captured traffic is encrypted to whatever level ...

If the interceptor is running the right software, and the network is only running WEP, then the interceptor can eventually (~hours) break in and use the network and decrypt the traffic in real time (as it's captured).

If the network is using WPA-PSK with weak passphrases, then a dictionary or brute-force attack can eventually break in and get on the network and decrypt the traffic in real time (as it's captured).

There are some other scenarios, but you probably get the idea.


FWIW

Scott
 

spidey07

No Lifer
Aug 4, 2000
Originally posted by: CrackaLackaZe
So if the traffic is running a 128-bit encryption, it'd be pretty damn hard to get through huh?

nah, couple hours of capturing the traffic on a busy network.

wireless can be hacked, no matter what. No matter what methods are used it can be hacked.

<---was at Cisco Networkers conference in 2003 in LA and the wireless net got hacked.

so the answer to your question is - yes, somebody can intercept and decode what you are doing.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
Regardless of the WEP key length used, it's still a 24-bit IV, and is very vulnerable to anyone with even a little determination.

Fortunately, on a college campus, most of the motivated people aren't into hacking ... they're into getting good grades to make Da BIG bucks when they escape (er... are graduated).

Maybe someday, I'll get to go to college too .....

Retirement's only a few decades away.


FWIW

Scott
 
Jan 31, 2002
Originally posted by: CrackaLackaZe
Say I'm on the campus wireless network with my 802.11b/g laptop, and I'm surfing and IMing. Can anyone with a packet sniffer like Ethereal (that's on the same network) intercept the packets I'm sending/receiving?

Short answer - Yes.

- M4H
 

halfadder

Golden Member
Dec 5, 2004
Cain is also a useful packet sniffer. It can also poison the ARP tables in a switched network or a WAP, allowing for all sorts of wicked things... such as redirecting web requests to a rogue server or causing all packets to be echoed to the entire LAN, letting anyone sniff all of the network's packets.

You're not safe with wireless, you're not safe with a switched ethernet network. Be careful and use as much security and encryption as you can.
 

spidey07

No Lifer
Aug 4, 2000
Originally posted by: halfadder
Cain is also a useful packet sniffer. It can also poison the ARP tables in a switched network or a WAP, allowing for all sorts of wicked things... such as redirecting web requests to a rogue server or causing all packets to be echoed to the entire LAN, letting anyone sniff all of the network's packets.

You're not safe with wireless, you're not safe with a switched ethernet network. Be careful and use as much security and encryption as you can.

fortunately good switches have means to prevent arp poisoning and other layer2 attacks.
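
One common form of the switch-side protection mentioned in the last post is to validate every ARP packet from an access port against a table of known IP/MAC/port bindings (dynamic ARP inspection). The sketch below is an added example, not code from the thread or from any switch vendor; the `Arp` record, the binding table, the port names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Arp:
    port: str        # switch port the frame arrived on
    eth_src: str     # Ethernet source MAC of the frame
    sender_mac: str  # sender hardware address inside the ARP payload
    sender_ip: str   # sender protocol address inside the ARP payload

# Constructed sample data: documentation-range IPs and MACs.
BINDINGS = {  # IP -> (MAC, port), as learned from DHCP leases or static config
    "192.0.2.1": ("00:00:5e:00:53:01", "uplink"),   # gateway
    "192.0.2.20": ("00:00:5e:00:53:20", "port2"),
    "192.0.2.30": ("00:00:5e:00:53:30", "port3"),
}
TRUSTED_PORTS = {"uplink"}  # infrastructure ports are not inspected

def inspect(pkt, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return (forward, reason) for one ARP packet."""
    if pkt.port in trusted:
        return True, "trusted port"
    if pkt.eth_src.lower() != pkt.sender_mac.lower():
        return False, "frame source differs from ARP sender MAC"
    binding = bindings.get(pkt.sender_ip)
    if binding is None:
        return False, "no binding for sender IP"
    mac, port = binding
    if pkt.sender_mac.lower() != mac:
        return False, "sender MAC does not match binding"
    if pkt.port != port:
        return False, "binding belongs to another port"
    return True, "matches binding"

SAMPLE = [  # constructed traffic
    Arp("port2", "00:00:5e:00:53:20", "00:00:5e:00:53:20", "192.0.2.20"),
    # host on port3 claiming the gateway's IP with its own MAC
    Arp("port3", "00:00:5e:00:53:30", "00:00:5e:00:53:30", "192.0.2.1"),
    # payload MAC set to differ from the frame's source MAC
    Arp("port3", "00:00:5e:00:53:30", "00:00:5e:00:53:01", "192.0.2.1"),
    Arp("uplink", "00:00:5e:00:53:01", "00:00:5e:00:53:01", "192.0.2.1"),
]

def dropped(packets):
    """Return (packet, reason) for every packet the switch would discard."""
    results = [(p, inspect(p)) for p in packets]
    return [(p, why) for p, (ok, why) in results if not ok]

if __name__ == "__main__":
    for pkt, why in dropped(SAMPLE):
        print(f"DROP {pkt.port} {pkt.sender_ip} -> {pkt.sender_mac}: {why}")
```

The check only helps on ports where it is enabled and where the binding table is accurate; a host with a static address and no binding entry is dropped too, which is why real deployments need static entries for such hosts.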