First of all ,I would like to let you know that, whatever I write here is for educational purpose only .Please do not abuse it one way or other.

I think you already aware of the dangerous key loggers  and what they do . If you want to use  a computer in a net cafe for bank transactions, be-careful !, they might have key-loggers installed which can capture your passwords and chats .

There are some hardware key loggers which can be attached to keyboard and others are software key-loggers which are difficult to be traced .

If  we have physical access to someone’s computer it is very easy to view passwords ,record chats or record whatever typed  on that computer .And sometimes, it is possible  to receive a  mail automatically with the recorded data ( for example- spector pro).

If we don’t have physical access to the pc and dont want to install  some monitoring software , Then we can use network packet capturing tools like wireshark to capture passwords ,web traffic  on network.

If the computers on network connected to a older ethernet hub , then it will be more easy to capture packets originating from those computers , because a ethernet hub just broadcasts the packets (sends the same packet to all the computers on network , but only the real receiver will accept it ) . So with the tools like ethereal , we can make the computer  listen to these packets  in promiscuous mode .

But ethernet switch does not broadcast the traffic , it sends the frames directly to  a node which it has to be delivered . Because it knows the mac-address of the destination .

If the computers connected to Cisco catalyst switches , We can clone the same traffic destined to one port ,to another port . Suppose  computer A connected to port 1 and having conversation with server S connected to port 2,then using  port mirroring feature  we can copy the frames from port 1 to port 3 . And with the help of tools like ethereal , we can capture those packets( Should i say frames ?, since it is layer 2 data. ) and decrypt the interesting traffic.

 

The procedure to enable port mirroring on a csico  2900 LAN switch series is ,

1.using console cable or telnet to cisco switch ,enter global config mode

switch# config terminal

2.issue command

switch<config># monitor session 1 source interface GigabitEthernet 0/1

3. issue command

switch<config>#monitor session 1 destination interface FastEthernet 0/20

4.Exit from Global config mode and issue command write memory to save the changes

 

We can give session number anything between 1-66 . The source interface number is the port we want monitor and destination interface is the port where our computer is connected which has wire shark or any other network traffic sniffer is installed.

 

 

 

 

 

Now it is time to open our monitoring tools and check for the interesting traffic.

Suppose we can use messenger detect to monitor messenger chats and contacts of  messengers on the network .

 

 

 

If we use wire shark , we can capture http,pop3,ftp passwords too..

 

Categories: Networking

0 Comments

Leave a Reply

Your email address will not be published.