Question Re: Packet Sniffers

[CrackaLackaZe]

Say I'm on the campus wireless network with my 802.11b/g laptop, and I'm surfing and IMing. Can anyone with a packet sniffer like ethereal (that's on the same network) intercept the packets I'm sending/recieving?

 

[phisrow]

I don't know the details(and wouldn't admit it if I did); but the answer in general is "maybe". If your campus just has an open network(maybe with a little browser based login window before you can actually hit the internet) intercepting your packets should be quite trivial. If some sort of WEP is going on(unocommon for public use networks) than it is possible; but somewhat more trouble. If your campus is one of those that demands that you connect via VPN through the wireless you should be pretty safe indeed. For reference, I've been on campuses that have zero authentication, campuses that have a login page, and campuses that route all wireless traffic through some sort of Cisco VPN widget. I don't know what your situation looks like; but it ought to be similar to one of those.

 

[ScottMac]

It's wireless: your traffic can always be intercepted and captured.

If encryption is enabled, then the captured traffic is encrypted to whatever level ...

If the interceptor is running the right software, and the network is only running WEP, then the interceptor can eventually ( ~hours) break in and use the network and decrypt the traffic in real time (as it's captured).

If the network is using WPA-PSK with weak passphrases, then a dictionary or bruteforce attack can eventually break in and get on the network and decrypt the traffic in real-time (as it's captured).

There are some other scenarios, but you probably get the idea.


FWIW

Scott

 

[CrackaLackaZe]

So if the traffic is running a 128-bit encryption, it'd be pretty damn hard to get through huh?

 

[spidey07]

Originally posted by: CrackaLackaZe
So if the traffic is running a 128-bit encryption, it'd be pretty damn hard to get through huh?

nah, couple hours of capturing the traffic on a busy network.

wireless can be hacked, no matter what. No matter what methods are used it can be hacked.

<---was at Cisco Networkers conference in 2003 in LA and the wireless net got hacked.

so the answer to your question is - yes, somebody can intercept and decode what you are doing.

 

[ScottMac]

Regardless of the WEP key-length used, it's still a 24 bit IV, and is very vulnerable to anyone with even a little determination.

Fortunately, on a college campus, most of the motivated people aren't into hacking ... they're into getting good grades to make Da BIG bucks when they escape (er... are graduated).

Maybe someday, I'll get to go to college too .....

Retirement's only a few decade away.


FWIW

Scott

 

[MercenaryForHire]

Originally posted by: CrackaLackaZe
Say I'm on the campus wireless network with my 802.11b/g laptop, and I'm surfing and IMing. Can anyone with a packet sniffer like ethereal (that's on the same network) intercept the packets I'm sending/recieving?

Short answer - Yes.

- M4H

 

[halfadder]

Cain is also a useful packet sniffer. It can also poison the ARP tables in a switched network or a WAP, allowing for all sorts of wicked things... such as redirecting web requests to a rogue server or causing all packets to be echoed to the entire LAN, letting anyone sniff all of the network's packets.

You're not safe with wireless, you're not safe with a switched ethernet network. Be careful and use as much security and encryption as you can.

 

[spidey07]

Originally posted by: halfadder
Cain is also a useful packet sniffer. It can also poison the ARP tables in a switched network or a WAP, allowing for all sorts of wicked things... such as redirecting web requests to a rogue server or causing all packets to be echoed to the entire LAN, letting anyone sniff all of the network's packets.

You're not safe with wireless, you're not safe with a switched ethernet network. Be careful and use as much security and encryption as you can.

fortunately good switches have means to prevent arp poisoning and other layer2 attacks.