atit
Replies to this thread:

More by atit
What people are reading
Subscribers
:: Subscribe
Back to: Computer/IT Refresh page to view new replies
 any one into packet monitoring
[VIEWED 6760 TIMES]
SAVE! for ease of future access.
Posted on 10-31-07 9:41 AM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Hello all,

I need to monitor packets for my project and i would appreciate any help i receive. I am doint a client server program in java using sockets. All i want to do is monitor the communication between them. Also if possible i want to see what data is being sent and receive. Further would be to take that data and see if the reply attack can be performed.

But right now i couldn't do anything. I tried ethereal to monitor what's going on. I unhooked my internet connection before i ran the program to have less noise. Wheni run the program i have client interacting with the server and receiving and sending information. But the ethereal show's nothing.

Am i missing something here?

Any Help.?


 
Posted on 10-31-07 10:49 AM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

bro/sis

don't force yourself to be a computer engineer if you're not made for it/if you lack the intellectual skills. You might be happier/better off in some other field. You know you have the choice and please do not follow the social pressure like in Nepal. Doctors,engineers an pilot, now it's computer engineer. No offence.

 


 
Posted on 10-31-07 10:53 AM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

.

Seems to me you arent listening on the "right" interface in ethereal. Check that out!

You might want to use windump as well for such purposes , if you dont want ethereal hassles.

 
Posted on 10-31-07 2:28 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Well i belive i am not listening on righ interface. As there is nothing listed as soon as i unplug the cable.

I searched internet for ways to monitor packets in localhost but couldn't really implement them. Now i am trying to get a network by hooking up to a router. So i have a laptop running the client side of the code and desktop with mysql and apache (Xampp) running the server side. Now to connect from laptop to desktop i would use 192.168.1.103 instead of localhost. Connection works successfully. I could run ethereal to collect data. But there is a lot of info I could hardly differentiate the packets generated by my laptop.

Thanks bob for your concern, but for me its too late to pull out. Help is higly appreciate.


 
Posted on 10-31-07 3:31 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

.

You could listen without segregating the server . i.e on the localhost as well. Just had to make sure, you listen on the "right" interface. Nevertheless, since you've already done that : Now all you need to do is to sniff the "right" data. : )

Capture Filter is how you do that!

First , see which port your application listens to, and filter on that port. You may even color them or discard other packets to see the clean shit "right" data.
Last edited: 31-Oct-07 03:31 PM

 
Posted on 10-31-07 7:08 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

sorry could not check your reply on time.. i had to disconnect internet and time flew by. Yeah i am connecting to port 9999 so let me try what you've just told me.. let me disconnect and be back soon. :p


 
Posted on 10-31-07 7:41 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

0000  00 11 11 be fc 02 00 16  6f 5c 70 92 08 00 45 00   ........ o\p...E.
0010  00 66 3a 75 40 00 80 06  3c 01 c0 a8 01 64 c0 a8   .f:u@... <....d..
0020  01 67 09 f3 27 0f 4e f5  f6 b2 59 3d c4 c3 50 18   .g..'.N. ..Y=..P.
0030  44 e8 94 7d 00 00 78 78   78 78 78 78 40 68 6f 74   D..}..xx xxxx@hot
0040  6d 61 69 6c 2e 63 6f 6d  0d 0a 32 30 34 30 33 36   mail.com ..204036
0050  61 31 65 66 36 65 37 33  36 30 65 35 33 36 33 30   a1ef6e73 60e53630
0060  30 65 61 37 38 63 36 61  65 62 34 61 39 33 33 33   0ea78c6a eb4a9333
0070  64 64 0d 0a                                        dd..   

Thanks for your Help Oldmaven, red is the username and green the hashed password. You are my man . I wish i could assign you 10 duke points.

Happy Tihar.

I'll post here if i have some more problem on packet sniffing.

 


 
Posted on 10-31-07 8:29 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Awesome ... so you could sniff your traffic and was able to see your cleartext hotmail userID eh~ 

Ethereal/Wireshark is great.. ain't it?

BTW, giving out MD5 hash is risky. It can be reverse bruteforced.

@oldmaven, you seem to be fairly familiar with packet analysis - are you into IDS as well?

 

~@~



 
Posted on 10-31-07 9:57 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

I am starting to like this.

Well about the reverse bruteforce, which one is highly resistant sha-1 or md5?

Since high-tech people are here let me pop this question. How do you do a DoS?

I want to flood the server (so that it could not serve). This will only be deployed on my machine   

Any other, better, cheaper and easier means to do this?


 
Posted on 10-31-07 10:07 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

are you talking about reverse brutefors for sha-1 or md5 ????? is that possible???
I thought it was not possible for current available processing power to reverse brute force a MD5 ??


 
Posted on 11-01-07 12:38 AM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

 Interesting topic to be brought upon!

 Ethereal/Wireshark is a neat sofrware and seeing all the responses I should have brought a topic on "cracking WEP", with which had a rough time not long ago.

G'luck atit!


 
Posted on 11-01-07 11:16 AM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

So anything for Dos Attacks?? Half-open SYN-ACK

I need to flood my server, and show that there is a vulnerability using the centralized system (Single point of failure)

"cracking WEP" sounds interesting!!! So you get done with that?


 
Posted on 11-01-07 12:02 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

.

MD5 is considered not secure at all. Researches have proved there are algorithms that can actually find collisions in compression algorithmic implementation of MD5. There are claims that say they can reverse brute-force hashes as such. There are even better mechanisms to break using the "rainbow table" project that uses the time-memory trade off technique, much much faster than the brute can do.

Using a "salt" value to further protect MD5 hashes is what is generally used prominent that can reduce rainbow cracks.  i.e hash is md5 (password, salt)

SHA-1 is the successor for MD5. Security researchers even claim collisions on SHA-1 hash functions. LOL .
I see many PGP signed messages using SHA-1 hashes. I myself signed my message on SHA-512 just in case. : ) And there has not been any collisions reported on that till date.

I hope NIST comes up with great competition for us to see more interesting hash algorithms in future.

@ SAAJHA, i am just a big time enthusiast.

@ atit, Good that it helped you. And now you want to attack your server to prove a single point of failure. I bet there are plenty tools out there for SYN flooding. Why dont you google ? Just a small thought: if you simply run ftp server and hog the network to practically -dead- with multi connections and ingress/egress traffic, and prove that you need a back-up server ? : ) but then, i'd suggest you go for the former choice to play with the tools.

@Grace_S , Cracking WEP : must be easy with so many tools available. WPA-2 is what they say should be chosen to secure your Wi-Fi , at this time. Let the time roll, and we can see wonders ahead.

 
Posted on 11-01-07 4:45 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

@ dcvirus, since hashes are message digests that cannot be directly bruteforced, random strings are hashed applying the originally used algorithm, and compared against the captured hash. One of such super power tools is up there- below my previous post.
@ Grace_S, What was so rough about WEP becon cracking?
@ OldMaven, tell us about the range of your enthusiasm. I give myself 9.9 out of 10 --- about expertise ~~~ umm.. somewhere on the 3ish. :P 
@ atit, What's your Server's IP address? ;)
 DoS can be as simple as disconnecting the Network Cable from your NIC; to jointly hitting a single box or a cluster with thousands of Zombies (machines running bots or somehow compromised), hogging up the CPU, overflowing memory buffer, or sending tons of junk packets and clog the Network. It doesn't necessarily have to be a SYN flood. Even without a SYN and SYN/ACK (first two steps of a three-way handshake), an attacker can send a continuous stream of ACK packets to cause Denial of Service. For a standalone server (presumably your case), DoS is trivial, since there's no load balancing or failover. 


~@~ 


 
Posted on 11-01-07 9:25 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Well i am using localhost. so it is 192.168.1.103. I am probably looking at some small piece of code that would overflow memory. Some small piece of c++ or java code that can be used. So you'd suggest i establish as many connection as possible on the socket 9999(localhost my case ) using any one of the program ?? Can that be done (?)

is there limitation to how many connection can be established on one socket ? I will search this in google too but i wanted to post this question here as well.

I see lot of room for GROWING.

 


 
Posted on 11-02-07 12:21 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Oldmaven,

I too thought cracking WEP was quite an easy task, especially with many tools available. Chose BackTrack2 but somehow was unable to crack, probably because of peer pressure of other classes too.

Saajha and atit,

Couldn't crack the password, nevertheless was such a facinating experience. Technology can do so much!

Best regards

 


 


Please Log in! to be able to reply! If you don't have a login, please register here.

YOU CAN ALSO



IN ORDER TO POST!




Within last 30 days
Recommended Popular Threads Controvertial Threads
TPS Re-registration case still pending ..
I hope all the fake Nepali refugee get deported
Those who are in TPS, what’s your backup plan?
and it begins - on Day 1 Trump will begin operations to deport millions of undocumented immigrants
Travel Document for TPS (approved)
To Sajha admin
MAGA and all how do you feel about Trumps cabinet pick?
All the Qatar ailines from Nepal canceled to USA
MAGA मार्का कुरा पढेर दिमाग नखपाउनुस !
NOTE: The opinions here represent the opinions of the individual posters, and not of Sajha.com. It is not possible for sajha.com to monitor all the postings, since sajha.com merely seeks to provide a cyber location for discussing ideas and concerns related to Nepal and the Nepalis. Please send an email to admin@sajha.com using a valid email address if you want any posting to be considered for deletion. Your request will be handled on a one to one basis. Sajha.com is a service please don't abuse it. - Thanks.

Sajha.com Privacy Policy

Like us in Facebook!

↑ Back to Top
free counters