There is a way to "sniff" traffic on a switch to show all traffic to a specific or every
computer on a switch, which will be covered in Chapter 9.
Sniffing Traffic 217
Ngrep also allows for the redirection of the output to be saved to a file for
later analysis. This is done with the syntax of:
ngrep >> output.txt
The ngrep application will start. At this point all traffic to and from the
computer it is installed on is captured and saved to a file named output.txt.
To stop the capture, hold down the Ctrl key and press the C key.
218 Practical Hacking Techniques and Countermeasures
To view the contents of the output.txt file, type:
cat output.txt
The contents will be displayed for further review. In this case, the output
is traffic captured between the computer running ngrep and Google, indicating
that this is data from the computer going out to Google's Web site.
*Note: Attackers are looking for more sensitive data than the user's Web use, but
keep in mind that an attacker is looking for all unencrypted (plain text) data
and it is only a matter of time before some sensitive data (FTP logins, Telnet
communications, etc.) is captured by ngrep for analysis, as shown in the
Windows example for ngrep.
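As a countermeasure check, the saved output.txt can be reviewed for hosts that still offer unencrypted services. The script below is an added example, not code from the book: it reads only ngrep's packet header lines and counts packets per cleartext service. The header layout, the port list, the function names and the sample capture are assumptions made for illustration.

```shell
#!/bin/sh
# List the cleartext services seen in a saved ngrep capture (headers only).
# Assumed header layout: "T 192.168.1.10:49152 -> 192.168.1.20:21 [AP]"
# (T = TCP, U = UDP, IPv4). Payload lines are skipped and never printed.
cleartext_summary() {
    awk '
    BEGIN {
        # Well-known ports of protocols that carry data unencrypted.
        svc[21] = "FTP";  svc[23] = "Telnet"; svc[25] = "SMTP"
        svc[80] = "HTTP"; svc[110] = "POP3";  svc[143] = "IMAP"
    }
    /^[TU] / {
        for (i = 2; i < NF; i++) {
            if ($i != "->") continue
            ns = split($(i - 1), s, ":"); nd = split($(i + 1), d, ":")
            sp = s[ns] + 0; dp = d[nd] + 0
            # The service port is the destination of a request
            # and the source of a reply.
            if (dp in svc) count[svc[dp] " " d[1] ":" dp]++
            else if (sp in svc) count[svc[sp] " " s[1] ":" sp]++
            break
        }
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k2
}

# Constructed sample in ngrep's output layout (not from a real capture).
sample_capture() {
    cat <<'EOF'
interface: eth0 (192.168.1.0/255.255.255.0)
##
T 192.168.1.10:49152 -> 192.168.1.20:21 [AP]
  (payload omitted)
T 192.168.1.20:21 -> 192.168.1.10:49152 [AP]
  (payload omitted)
T 192.168.1.10:49300 -> 192.168.1.40:23 [AP]
  (payload omitted)
T 192.168.1.10:49200 -> 192.168.1.30:443 [AP]
  (payload omitted)
EOF
}

# Summarise the file given as the first argument, else the sample.
if [ -n "${1:-}" ]; then cleartext_summary "$1"
else sample_capture | cleartext_summary -; fi
```

Each output line gives a packet count, the protocol name and the server address; every host listed is a candidate for moving to an encrypted replacement such as SSH or SFTP.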
For Windows
From the directory containing the ngrep application, type:
ngrep
The ngrep application will start. At this point, ngrep will capture all traffic
to and from the computer it is installed on.