How to sniff on my airport network

Posted in General Discussion, edited January 2014
Sooo. People are using my airport network and, hey, my line is a killer so blow yourself away.



But since they are invading my apartment with their ugly radiowaves and I am a bit worried that those bytes sent through the air could be unhealthy, I would like to examine them a bit (pun intended).



So I found this: www.etherpeg.org and was about to try it until I found out I had to compile it myself. And I refuse to geek out like that...



So does anyone know where to find something that doesn't require me to compile it? Or would someone compile it for me in an ethernet and an airport version?



And what does "pun intended" actually mean?

Comments

  • Reply 1 of 9
    serrano Posts: 1,806 member
    Quote:

    Originally posted by Anders the White

    So I found this: www.etherpeg.org and was about to try it until I found out I had to compile it myself. And I refuse to geek out like that...







    ...hey I'm not a geek, I just want to sniff my network.



    I'm going to recommend ettercap, and snort. *gasp* You may have to compile them yourself, though precompiled binary .pkg's do exist.



    http://macosx.forked.net/



    ...what the hell. etherpeg only displays jpg/gifs going past the ethernet port, and you don't have to recompile it. On top of all that, it just sniffs *your* ethernet port, not others. It's pretty cool for a laugh though...
  • Reply 2 of 9
    ghost_user_name Posts: 22,667 member
    Quote:

    Originally posted by serrano





    ...hey I'm not a geek, I just want to sniff my network.





    You got it dude. It's my network and if they use it I'm entitled to do so. And the beauty of the first program is that it only shows the pictures that are downloaded through it.



    Looked into the other program. Thanks but not quite the thing. So if anyone has another suggestion please let it be heard.
  • Reply 3 of 9
    thuh freak Posts: 2,664 member
    Quote:

    Originally posted by Anders the White

    And what does "pun intended" actually mean?



    a pun is a play on words. ex: "That's brisk, baby". Brisk is both a tea drink, and a word which can describe that very drink. (no pun intended).



    i like ethereal for poking around my packets. it's pretty easy to use. if you have fink, then it's a cake to install. you do have fink, right? there might be binaries available somewhere independent of fink, but i haven't looked. also, it req's an x11server, so you may want to get apple's x11 dealie.
  • Reply 4 of 9
    serrano Posts: 1,806 member
    Here is an ettercap binary that does work on OS 10.2.x



    http://www.uweb.ucsb.edu/~serrano/et...-0.6.7.pkg.tgz



    You're going to need to run it from the terminal. I'm not sure it's what you're looking for, it's not going to tell you your increased cancer rate due to the extra radio waves. ...unless of course you're looking to snoop on what websites they're visiting, their passwords to different sites/ftp/ssh, or their aim chats...



    The .pkg is a straightforward install, once complete open a new terminal window and type sudo ettercap. You'll be prompted for your password, enter it. You'll then get a listing of all clients/routers on your network. From the left select the source, ie. your target, from the right select the destination, ie. your router. Then hit a to begin a man-in-the-middle attack. It will poison the ARP cache of your target and the destination, all data between the router and target will flow through your client and you will be able to see if it's http, ftp, aim, et cetera. You will also be able to automatically log all passes found.



    Enjoy, and be smart.
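
Added example, not part of the post above and not ettercap code: a defender-side check for the ARP cache poisoning that reply describes. It parses `arp -an` output in BSD/macOS style (the two snapshots are constructed and every address is invented) and flags a MAC claimed by several IPs and a router binding that changed between snapshots.

```python
import re
from collections import defaultdict

# Constructed sample: one client's ARP cache before and during poisoning.
BEFORE = """\
? (10.0.1.1) at 0:3:93:aa:bb:1 on en1 [ethernet]
? (10.0.1.3) at 0:30:65:c:d:e on en1 [ethernet]
? (10.0.1.4) at (incomplete) on en1 [ethernet]
"""
DURING = """\
? (10.0.1.1) at 0:30:65:c:d:e on en1 [ethernet]
? (10.0.1.3) at 0:30:65:c:d:e on en1 [ethernet]
? (10.0.1.255) at ff:ff:ff:ff:ff:ff on en1 [ethernet]
"""

LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]+)")

def normalize_mac(mac):
    """BSD arp drops leading zeros (0:3:93...); pad so comparisons are exact."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}, skipping incomplete, malformed and broadcast entries."""
    table = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m.group(2).count(":") != 5:
            continue  # "(incomplete)" never matches the MAC pattern
        mac = normalize_mac(m.group(2))
        if mac != "ff:ff:ff:ff:ff:ff":
            table[m.group(1)] = mac
    return table

def shared_macs(table):
    """MACs claimed by more than one IP (attacker's own IP plus a spoofed one)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(before, after):
    """IPs whose MAC differs between two snapshots, e.g. the router's."""
    return [(ip, before[ip], after[ip])
            for ip in sorted(before) if ip in after and before[ip] != after[ip]]

if __name__ == "__main__":
    b, d = parse_arp_table(BEFORE), parse_arp_table(DURING)
    print("shared MACs:", shared_macs(d))
    print("changed bindings:", changed_bindings(b, d))
```

A shared MAC can also be legitimate (proxy ARP, a host with several addresses), so treat a hit on the router's IP as the strong signal and confirm it against the MAC printed on the base station.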
  • Reply 5 of 9
    serrano Posts: 1,806 member
    Quote:

    Originally posted by Anders the White

    And the beauty of the first program is that it only shows the pictures that are downloaded through it.







    No, it doesn't.



    It 'shows the pictures' that you download, not everything passing through your network.
  • Reply 6 of 9
    ghost_user_name Posts: 22,667 member
    Do you have any experience with it? Because this really suggests that I can intercept images as long as they are sent on my LAN (like from my base station to another computer):



    Quote:

    EtherPEG is a free program for the Macintosh that shows you all the JPEGs (and GIFs) going by on your network.



    ...



    EtherPEG works by capturing unencrypted TCP packets off your local network, collecting packets into groups based on TCP connection (determined from source IP address, destination IP address, source TCP port and destination TCP port), reassembling those packets into order based on TCP sequence number, and then scanning the resulting data for byte sequences that suggest the presence of JPEG or GIF data.



    EtherPEG works with any TCP/IP network, including Ethernet networks and wireless networks like AirPort, as long as the data is not encrypted. If the data is encrypted using IPSEC, or Virtual Private Network (VPN) products like PGPNet, or Web Browser SSL encryption, then third-parties cannot view your data.



    Does local network only mean the connection between my computer and my ABS here or does it include all connections to my ABS?
  • Reply 7 of 9
    serrano Posts: 1,806 member
    Quote:

    Originally posted by Anders the White

    Do you have any experience with it? Because this really suggests that I can intercept images as long as they are sent on my LAN (like from my base station to another computer)



    Yeah, I *actually* downloaded it. The precompiled versions allow you to sniff en0, and en1. Your ethernet and airport. I thought you didn't want to compile anything.



    Ettercap is the choice for sniffing on a switched lan.



    whatever.
  • Reply 8 of 9
    1337_5l4xx0r Posts: 1,558 member
    Score! Thanks, serrano!
  • Reply 9 of 9
    serrano Posts: 1,806 member
    Quote:

    Originally posted by 1337_5L4Xx0R

    Score! Thanks, serrano!



    np stimuli, I had a bitch of a time getting ettercap under 10.2. Apple seriously wonked some shit up, no ettercap build compiled under 10.2 will successfully see any host besides yourself. You can, however, compile ettercap on 10.1 and move it over to 10.2... now if i could only find someone to compile 0.6a on 10.1...